Cookie based permission in htaccess – restrict WordPress admin access by IP address

In my previous post about htaccess based restriction i showed how to restrict wp-admin or other file/page access by IP address. That’s very good solution when we are using VPN static IP.

But if we are using multiple connections (office, home, caffee, or multiple VPN-s with different IP addresses), then we need to have some easier solution.

And that can be cookie-based permission. Let’s see how to do that.

First of all, open your regular browser, press ctrl+shift+I combination in order to open the browser console tab. And then put this code below there, press enter. (change some_key=some_value to your desired private key-value combination)

document.cookie = "some_key=some_value; expires=Thu, 18 Dec 2043 12:00:00 UTC; path=/";

Here is how it should look like

Now let’s tell htaccess to restrict wp-login.php (you can change that filename to any URL slug for sure) for all visitors but the one who has newly set private cookie.

<Files wp-login.php> 
RewriteEngine On 
RewriteCond %{HTTP_COOKIE} !some_key=some_value;? [NC] 
RewriteRule ^ https://YOURWEBSITE.COM [NC,L] 
</Files>

That’s all. Now nobody except you can access that file.


Discover more from WP DEV - Elvin Haci

Subscribe to get the latest posts sent to your email.

One Reply to “Cookie based permission in htaccess – restrict WordPress admin access by IP address”

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from WP DEV - Elvin Haci

Subscribe now to keep reading and get access to the full archive.

Continue reading