Posted on by Elvin Haci

Restrict wp-admin access by IP – when you are using Cloudflare

Restricting your wp-admin access by using simple Apache’s .htaccess rules is easy, we know.

How to restrict admin access on wordpress?

Just this rule and that’s all

<Files wp-login.php>
Order Deny,Allow
Deny from all
Allow from IP1
Allow from IP2 
#and so on
</Files>

But this would not work if you are using Cloudflare. Just because Cloudflare is middle layer between your website and your website visitor, and you get request with Cloudflare’s own IP-s, not clients’ IP-s.

In order not to lose this information about visitor IP, Cloudflare sends us real visitor’s IP as $_SERVER[‘CF-Connecting-IP’] variable.

So, we just need to adjust our htaccess rule and pass $_SERVER variable there, instead of using IP addresses.

Here is simple htaccess code which works OK with Cloudflare:

SetEnvIF CF-Connecting-IP "SOMEIPHERE1" MyIP
SetEnvIF CF-Connecting-IP "SOMEIPHERE2" MyIP2
<Files wp-login.php>
Require env MyIP
Require env MyIP2
</Files>

That’s all. After saving this block to htaccess, your wp-admin would open for specified IP addresses only.

Discover more from WP DEV - Elvin Haci

Subscribe to get the latest posts sent to your email.

4 Replies to “Restrict wp-admin access by IP – when you are using Cloudflare”

  2. Pingback: EL WP IN
  3. Pingback: Cookie based permission in htaccess - el WP in

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from WP DEV - Elvin Haci

Subscribe now to keep reading and get access to the full archive.

Continue reading