Restricting IP access to my home computer - Security problems

Hi there,

I've had a problem with hackers installing malware and am trying to correct the situation and protect my site by limiting access to just my home computer for admin items.
I've looked at all the videos and info already out there but need some clarification please!
There is a great post that states I should insert this code to limit access to 1 or more IPs like this:

ErrorDocument 401 /path-to-your-site/index.php?error=404
ErrorDocument 403 /path-to-your-site/index.php?error=404

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^IP Address One$
RewriteCond %{REMOTE_ADDR} !^IP Address Two$
RewriteCond %{REMOTE_ADDR} !^IP Address Three$
RewriteRule ^(.*)$ - [R=403,L]
</IfModule>

My question is WHERE EXACTLY should I paste this code on the page? It says the beginning is safest but after the title? Before? Just want to make sure I'm placing it correctly before I go ahead. Also, do I include the dots or just spaces? Still learning, any help would be much appreciated. Just got back from being out of country and this wasn't a good surprise :(

This is what I see when I open the .htaccess file in my hosting (WP site is currently shut down):

DirectoryIndex index.php

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

  • Adam Czajczyk

    Hey @burlingtonbeachrentals,

    I hope you're well today and thank you for your question!

    First of all, you don't place the code anywhere on the page. You have to modify your .htaccess file and in this case you have to combine those two given sets of code into one, just like this:

    DirectoryIndex index.php
    ErrorDocument 401 /path-to-your-site/index.php?error=404
    ErrorDocument 403 /path-to-your-site/index.php?error=404
    
    # BEGIN WordPress
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
    RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
    RewriteCond %{REMOTE_ADDR} !^IP Address One$
    RewriteCond %{REMOTE_ADDR} !^IP Address Two$
    RewriteCond %{REMOTE_ADDR} !^IP Address Three$
    RewriteRule ^(.*)$ - [R=403,L]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . /index.php [L]
    </IfModule>
    
    # END WordPress

    That being said, however, I wouldn't recommend doing it, as you can easily lock yourself out of the page for good and not be able to do anything later. Instead, I suggest you give this plugin a try:

    https://wordpress.org/plugins/wordfence/

    Even with its default configuration it secures your site much better. From what I can recall there should also be an option to limit admin access to some selected IPs. Please also remember that in order for this to work you should have a static IP assigned to your home network. This you can get from your internet provider or by using some sort of "dynamic DNS" service.

    I hope that helps,
    Adam
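
Added example (not part of the original thread or of either poster's code): a small Python emulation of the rewrite conditions above, for checking which requests the rule would answer with 403 before it goes live. The addresses are constructed documentation addresses, the function names and the stricter `wp-admin` pattern are assumptions of this example, and Python's `re` stands in for Apache's regex matching.

```python
import re

# Request-URI conditions copied from the thread (joined with [OR] in .htaccess).
THREAD_URI_CONDS = [r"^(.*)?wp-login\.php(.*)$", r"^(.*)?wp-admin$"]
# Assumed stricter variant, not from the thread: also covers paths below
# /wp-admin/ (which includes admin-ajax.php, used by some front-end features).
STRICT_URI_CONDS = [r"^(.*)?wp-login\.php(.*)$", r"^(.*)?wp-admin(/.*)?$"]

HOME = "203.0.113.10"   # constructed allowed address (RFC 5737 range)
OTHER = "198.51.100.7"  # constructed address that is not on the allow list


def remote_addr_cond(ip):
    """Pattern to put after '!' in RewriteCond %{REMOTE_ADDR}: dots kept and escaped."""
    return "^" + re.escape(ip) + "$"


def is_blocked(uri, remote_addr, allowed_ips, uri_conds):
    """True when the rule set would return 403: the URI matches any [OR]-joined
    condition AND the client address matches none of the allowed patterns."""
    uri_hit = any(re.search(p, uri) for p in uri_conds)
    ip_allowed = any(re.search(remote_addr_cond(ip), remote_addr) for ip in allowed_ips)
    return uri_hit and not ip_allowed


def coverage(uri_conds, allowed_ips=(HOME,)):
    """Map each sample path to (blocked for OTHER, blocked for HOME)."""
    paths = ["/wp-login.php", "/wp-admin", "/wp-admin/", "/wp-admin/index.php", "/"]
    return {p: (is_blocked(p, OTHER, allowed_ips, uri_conds),
                is_blocked(p, HOME, allowed_ips, uri_conds)) for p in paths}


if __name__ == "__main__":
    print("RewriteCond %{REMOTE_ADDR} !" + remote_addr_cond(HOME))
    for name, conds in (("thread", THREAD_URI_CONDS), ("strict", STRICT_URI_CONDS)):
        for path, (other, home) in coverage(conds).items():
            print(f"{name:6} {path:22} other={'403' if other else 'pass'} home={'403' if home else 'pass'}")
```

The first printed line shows the form an address takes in the `REMOTE_ADDR` condition: the dots stay and are escaped. The table shows that the thread's second URI condition matches only a request for exactly `/wp-admin`, so check the paths you expect to be restricted before relying on the rule.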
