Restrict Access to a WordPress Site Based on IP

I recently developed an internal website for our company that wanted to be accessible to employees only. Instead of having a server level password, or individual WordPress logins, we decided to just limit access to by IP address. This way everyone on the office network could access easily, but outside the network they would get an access denied message.

We use WP Engine for hosting, but IP whitelisting or blocking should work with any host.

.htaccess Option

One quick method to set this up is by editing the .htaccess file directly (this should be in the base folder of your WordPress directory) and add the 3 lines at the top of this codeblock:

https://gist.github.com/devinsays/d0781b0b7909c2d16e1b8141c950edea

You’ll want to change the IP address in the example (98.6.000.111) to the IP you want to whitelist. You can also whitelist multiple IP addresses by just adding more below that line.

Plugin Option

An easier option (in my opinion) is to use the Restricted Site Access plugin, maintained by the folks at 10up. This plugin provides you with a dashboard to set up the IP restrictions, and also allows you to set a custom restriction messages or redirects.

About Devin

I am a developer based in Austin, Texas. I run a little theme shop called DevPress and help manage a WooCommerce shop with Universal Yums. Find me on twitter @devinsays.

1 Response

  1. Hi Devin,

    I was recently at WordPress Dublin and another web design company had their own website where they stored internal SOPs, client details etc.

    But I prefer your way as it is more practical. I must check out “Restricted Site Access.”

    Great post.

    Thanks, Gary

Leave a Reply to Gary Gleeson Cancel reply