This plugin lets you specify IP addresses or hosts that users are allowed to login from. You can either use full IPs (e.g. “126.96.36.199”) or partial IPs (e.g. “12.34”), which lets you specify a range of addresses. More advanced configuration is also possible – you can specify allowed subnet(s) via network/netmask and use IPv6 addresses, too. The plugin is generally aimed at people who want to bump up their blog’s security by another notch, and maybe corporate/edu blogs that want to restrict logins to a certain network (unlikely, they probably have network admins who can do it for them).
Image via rpongsaj
On the technical side, the plugin is basically a very simple frontend for mod_access/mod_authz_host and
.htaccess. The plugin takes whatever settings you enter, transforms them into appropriate “Allow from …” directives and writes the result to two .htaccess files. One file is created in
wp-admin to prevent unauthorized access to the dashboard. The second ruleset protects
wp-login.php and is written to the primary .htaccess file in the blog’s root folder.
restrict-by-ip.zip (6 KB)
- WordPress 2.6 or later
- PHP 5 or later
- Apache webserver
After installation you can find the plugin’s settings in Users -> Allowed IPs.
Q & A
- Does this plugin also restrict who can visit a blog?
No. It only limits who can access the admin backend. Other visitors can still browse and read the blog normally. There are other plugins that can be used to define who is or isn’t allowed to access your site – for example, there’s WP-Ban.
- The plugin tells me it can’t modify some .htaccess files, what should I do?
You can modify the files manually. Go to the plugins page in the Dashboard and click on “View .htaccess rules”. This will show the lines that you need to add to the appropriate .htaccess file(s). If the .htaccess file doesn’t exist you can create it in any suitable text editor.
- I’ve messed up the configuration and I can’t access the site anymore. How can I fix this?
Edit your .htaccess file and remove anything between the lines “# BEGIN RestrictByIP” and “# END RestrictByIP”. Do the same for the .htaccess file in
wp-admin. You should be able to log in again. Now you can modify the configuration, or deactivate the plugin.
- Help! Why do I get “Internal Server Error” all the time?
See the previous question. Additionally, it might be possible that the plugin isn’t compatible with your server – check the requirements again.
- It kind of works, but I get a “Not found” message when I would expect “Forbidden”. What gives?
“This is a known issue that is being worked on”… which actually means I noticed this problem on one of my servers and I have no idea why it happens. Oops.
Imagine this line is a boring disclaimer that you wouldn’t read anyway. Oh, and while you’re at it, imagine it contains a sophisticated and powerful hypnotic suggestion to send all your savings to my PayPal account. Thank you for your cooperation 🙂Related posts :