Saturday, February 5, 2022

[FIXED] .htaccess deny folder access except IP range

      ,      No comments   

Issue

I know I could put a separate .htaccess inside that folder (wp-admin), however, I'm wondering if I could do this with a rule in the main .htaccess file of the site.

And also do this for other folders also in one directive. (wp-includes, wp-content)

For instance, if I wanted to block access to the wp-admin folder on a WP site, one thing I found was this, but not sure if it's correct:

<Files wp-admin$>
Order Deny,Allow

Deny from All
Allow From 47.255.0.0/16
</Files>

z


Solution

With Files directive you can only match specific files not folders. You need to use mod-rewrite for this

RewriteEngine On

#If not Allowed IP address
RewriteCond %{REMOTE_ADDR} !^47\.255\.0\.0/16$
#folders
RewriteCond %{REQUEST_URI} (wp-admin|wp-includes|wp-content) [NC]
#deny access
RewriteRule ^ - [F,L]


Answered By - Amit Verma

0 Comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Total Pageviews

Featured Post

Why Learn PHP Programming

Why Learn PHP Programming A widely-used open source scripting language PHP is one of the most popular programming languages in the world. It...