Back to Technical Support

How To Restrict Access In WordPress

This article is part of the Protecting WordPress index, but can be generally applied to your account and security practices! 

Restricting access to certain files or directories in your account is a good way to prevent possible entry points for hackers.

Installing a plugin to help limit login attempts is a step in the right direction.

1. A .htaccess file limiting directory/file access is likely one of the best (remove the spaces between the < and > tags for your code to work):
Order Allow, Deny
Allow from xx.xx.xx.xx 

Note that the xx.xx.xx.xx needs to be replaced with your IP, which can be retrieved from a location like Also, note that your IP may not always be the same, so you may need to occasionally change this file to match.

2. Hide Indexes or Limit Access

In a .htaccess file, add:
Options –Indexes

3. Make sure the PHP source code is never revealed.

Your site's wp-includes/ directory is the most important one to block. Find the .htaccess file there and insert:

RewriteRule ^(wp-includes)\/.*$ ./ [NC,R=301,L]

If there are or will be subdirectories of wp-includes/, insert the following code for each one in the same .htaccess configuration file:

RewriteRule ^(wp-includes|subdirectory-name-here)\/.*$ ./ [NC,R=301,L]

Related Articles

How To Backup Your Website In WordPress
How To Clean Your Site In WordPress
How To Configure Miva Store Utility
How To Find Your Site Manager Account's IP Address
How To Install CGI Software

Can’t Find what you need?

No worries, Our experts are here to help.