How to restrict access to WP-ADMIN while working on Database

Contents

Build your own WordPress Support Plan

Expert, yet affordable WordPress support & maintenance plans.
View our pricing

When working on a WordPress database you don’t want users to make changes to posts or settings which may be lost when making database migrations. Ideally, you will want to conduct work on your database when the site is at the least active stage, usually early mornings, however, this isn’t always possible. We often use this simple function to redirect users away from the WordPress admin while work is being conducted on a database, this prevents the entire site from having to be taken offline but also prevents updates from being lost.

There are several ways to disable admin access in WordPress. Some of them are listed below.

1. Using htacess rules

Allowing only a select IP can resist hackers’ IPs from reaching your website.

Here is how you can restrict others from accessing your website.

Step 1 – Connect to your website through an FTP client

Step  2 – Navigate to public_html directory>wp-admin

Step 3 – Create a .htaccess file there

Step 4 – Paste the following code there and save it-

Order, Deny, Allow
Deny from all
Allow from xx.xx.xx.xx

Edit the “Allow from” line to allow your IP address. For multiple IP whitelisting, repeat the “Allow from” in the next line and so on.

2. Create a custom login URL

You can access the login screen of any WordPress website by appending /wp-login.php to that website’s URL. For example, if your domain is www.example.com, then your login page is at www.example.com/wp-login.php.

If you’re using the WordPress default, then your website’s login page is public knowledge. Even worse, if you’re using the standard /wp-login.php URL and the default admin username, then a hacker already has two of the three pieces of information required to access your admin area.

You can create a custom login URL using a plugin such as WPS Hide Login. Once it’s installed, select Settings > WPS Hide Login from your dashboard menu. You can then enter a new URL into the Login URL field.

Save your changes and your WordPress admin area will now be accessible only via this new URL. Even if a hacker has your username and password, they’ll be unable to reach your login screen.

3. Using Coding

You can use this function in a Must Use Plugin to ensure it runs before any other plugin or theme:

function wph_block_wp_admin_init() {
	if (strpos(strtolower($_SERVER['REQUEST_URI']),'/wp-admin/') !== false) {
		if ( !current_user_can('manage_options') ) {
			wp_redirect( get_option('siteurl'), 302 );
			exit;
		}
	}
}
add_action('init','wph_block_wp_admin_init',0);

This function checks if the user is an Administrator and then redirects them to the homepage if not, you can adjust this to even block administrators by using is_user_logged_in() to redirect any logged-in user (including yourself).

4. Limit login attempts

WordPress doesn’t block users from attempting to log in, even if they enter the incorrect password multiple times. This leaves your website vulnerable to brute-force attacks. Hackers could potentially use an automated script to bombard your account with hundreds or even thousands of potential passwords.

You can limit login attempts using the Wordfence Security plugin. Once you’ve installed it, navigate to Wordfence > All Options. Under Firewall Options, select Brute Force Protection:

image 31

Next, make sure you activate the Enable brute force protection setting. You can then specify how many failed login attempts WordPress should permit before blocking the offending IP address.

If you have any questions or problems with the function please leave a comment or get in touch with us.

Conclusion

We can restrict wp-admin access from users using many ways.

Always make sure to keep your WordPress core, plugins, and themes up to date, as well as maintain strong password policies, to enhance the overall security of your website further. Additionally, consider other security measures like using a reputable web hosting provider and regular backups.

For more information on WordPress basic settings, maintenance routines, or hiring support services for WordPress, let us know your thoughts on custom plans, deals, and support services.

Written By
Adam Haworth
Founder of WP Helper.
You will also like these articles

Relax Knowing Your WordPress Site Is Secure & Running Smoothly 24/7

Let us manage your WordPress site, everything from security to updates will be taken care of. Support plans also come with dedicated support so we can do anything from adding content to customising your site for you.

Same Day Professional WordPress Support

Get WordPress Support Today

Need help with a single WordPress problem, today? We can help with anything from adding analytics tracking code to site hack recovery. Full money back guarantee on all jobs.

1. Submit a Support Request

Use our support ticket form below to send details of your problem to our developers.

2. Get a Quote

We will review your request and provide a quote within 24 hours (but usually within a few hours).

3. We fix your WordPress problem

Our team will begin fixing your WordPress problem the same day.

4. 100% Money Back Guarantee

If we can’t fix the problem for the amount quoted we will refund you 100%.

  • Do you have a screenshot of the issue or have a copy of the theme or plugin that is at fault? If you want to upload php, html or css please zip first.
    Drop files here or
    Accepted file types: jpg, jpeg, png, pdf, zip, gzip, rar, doc, txt, Max. file size: 15 MB, Max. files: 10.