Restrict Login By IP – A WordPress Plugin

via rpongsajThis plugin lets you specify IP addresses or hosts that users are allowed to login from. You can either use full IPs (e.g. “12.34.56.7”) or partial IPs (e.g. “12.34”), which lets you specify a range of addresses. More advanced configuration is also possible – you can specify allowed subnet(s) via network/netmask and use IPv6 addresses, too. The plugin is generally aimed at people who want to bump up their blog’s security by another notch, and maybe corporate/edu blogs that want to restrict logins to a certain network (unlikely, they probably have network admins who can do it for them).
Image via rpongsaj

On the technical side, the plugin is basically a very simple frontend for mod_access/mod_authz_host and .htaccess. The plugin takes whatever settings you enter, transforms them into appropriate “Allow from …” directives and writes the result to two .htaccess files. One file is created in wp-admin to prevent unauthorized access to the dashboard. The second ruleset protects wp-login.php and is written to the primary .htaccess file in the blog’s root folder.

Download

restrict-by-ip.zip (6 KB)

Requirements :

  • WordPress 2.6 or later
  • PHP 5 or later
  • Apache webserver
  • mod_access or mod_authz_host module

After installation you can find the plugin’s settings in Users -> Allowed IPs.

Q & A

  • Does this plugin also restrict who can visit a blog?
    No. It only limits who can access the admin backend. Other visitors can still browse and read the blog normally. There are other plugins that can be used to define who is or isn’t allowed to access your site – for example, there’s WP-Ban.
  • The plugin tells me it can’t modify some .htaccess files, what should I do?
    You can modify the files manually. Go to the plugins page in the Dashboard and click on “View .htaccess rules”. This will show the lines that you need to add to the appropriate .htaccess file(s). If the .htaccess file doesn’t exist you can create it in any suitable text editor.
  • I’ve messed up the configuration and I can’t access the site anymore. How can I fix this?
    Edit your .htaccess file and remove anything between the lines “# BEGIN RestrictByIP” and “# END RestrictByIP”. Do the same for the .htaccess file in wp-admin. You should be able to log in again. Now you can modify the configuration, or deactivate the plugin.
  • Help! Why do I get “Internal Server Error” all the time?
    See the previous question. Additionally, it might be possible that the plugin isn’t compatible with your server – check the requirements again.
  • It kind of works, but I get a “Not found” message when I would expect “Forbidden”. What gives?
    “This is a known issue that is being worked on”… which actually means I noticed this problem on one of my servers and I have no idea why it happens. Oops.

Imagine this line is a boring disclaimer that you wouldn’t read anyway. Oh, and while you’re at it, imagine it contains a sophisticated and powerful hypnotic suggestion to send all your savings to my PayPal account. Thank you for your cooperation 🙂

Related posts :

18 Responses to “Restrict Login By IP – A WordPress Plugin”

  1. Hi,

    i have install your PlugIn and activation say:
    Parse error: syntax error, unexpected T_STRING, expecting T_OLD_FUNCTION or T_FUNCTION or T_VAR or ‘}’ in /srv/www/vhosts/pretzlaff.info/httpdocs/wordpress_270/wp-content/plugins/restrict-login-by-ip/shadow_plugin_framework.php on line 20

    cya
    Neo

  2. White Shadow says:

    You probably have an old version of PHP. This plugin requires PHP 5 or later.

  3. Ok you have won. After an update everything works.

    *argh* php4 *Shame*

  4. […] Restrict Login By IP – This plugin lets you specify IP addresses or hosts that users are allowed to login from. You can […]

  5. […] Restrict Login by IP This plugin lets you specify IP addresses or hosts that users are allowed to login from. You can either use full IPs (e.g. “12.34.56.7″) or partial IPs (e.g. “12.34″), which lets you specify a range of addresses. More advanced configuration is also possible – you can specify allowed subnet(s) via network/netmask and use IPv6 addresses, too. […]

  6. kirk says:

    HLEP !!!!! I installed the plugin and by mistake i have banned my own ip now i can’t get to wp-admin can anyone help me to fix this mistake please………….
    i have deleted the restrict-by-ip folder from the plugins via ftp but nothing has changed i also have deleted the .htacces from wp-admin but still nothing. Am i missing somehing???? Please help.

  7. White Shadow says:

    Open the .htaccess file located in the root directory of your blog and delete everything between the “# BEGIN RestrictByIP” and “# END RestrictByIP” lines. This should allow you to access the admin panel again.

  8. Hi.. If i want to restrict my registration page as well.. how do i add this?
    with a comma as below?
    thanks

    # BEGIN RestrictByIP

    # END RestrictByIP

  9. oh. it stripped that out..

    I put

    Files wp-login.php, wp-register.php

    as if it was inside your example files tag in View .htaccess rules.

    thanks

  10. White Shadow says:

    According to Apache docs, you need to use regular expressions to specify multiple files. Like this :

    
    ...
    
    
  11. […] Restrict Login By IP – This plugin lets you specify IP addresses or hosts that users are allowed to login from. You […]

  12. […] 9. Restrict Login By IP – This plugin lets you specify IP addresses or hosts that users are allowed to login from. You can either use full IPs (e.g. “12.34.56.7?) or partial IPs (e.g. “12.34?), which lets you specify a range of addresses. […]

  13. […] 9. Restrict Login By IP – This plugin lets you specify IP addresses or hosts that users are allowed to login from. You can either use full IPs (e.g. “12.34.56.7?) or partial IPs (e.g. “12.34?), which lets you specify a range of addresses. […]

  14. […] 9. Restrict Login By IP – This plugin lets you specify IP addresses or hosts that users are allowed to login from. You can either use full IPs (e.g. “12.34.56.7″) or partial IPs (e.g. “12.34″), which lets you specify a range of addresses. […]

  15. Peru says:

    Can I setup levels for users?

    example:

    – Administrator: IP restric login by IP
    – journalist : free

  16. Jānis Elsts says:

    Sorry, that’s not possible in the current version.

  17. […] Restrict Login By IP – This plugin lets you specify IP addresses or hosts that users are allowed to login from. You can either use full IPs (e.g. “12.34.56.7″) or partial IPs (e.g. “12.34″), which lets you specify a range of addresses. […]

  18. […] 9. Restrict Login By IP – Bu eklenti ile sisteminize girşler kullanılan ip leri seçebilirsiniz. (örn. “12.34.56.7″)  veya sadece ip adreslerinin son sayılarına göre girişlerini sağlayabilirsiniz.  (örn. “12.34″) […]

Leave a Reply