A Plugin That only allows whitelisted IP’s, or optionally whitelisted browsers, to access wp-login.
This plugin does Not effect front-end login plugins.
If an IP is not whitelisted, the wp-login page will be killed and replaced with a message saying “your IP/Browser is not whitelisted”, or optionally redirect the user to 404 page instead.
A better way to hide wp-login. You can add a list of admin IP’s to this plugin, where you want to allow usage of wp-login.
Even if you have other users that login, its better to use another plugin for a more secure front end login, and this plugin will only allow a specific list of IP’s to access the wp-login page.
You can also (optionally) have this plugin attempt to redirect anyone to 404 page, if they try and access wp-login without the right IP.
You can also choose to disable the 404 redirect, and instead tell users there IP is not whitelisted, and that they should contact the admin if this is in error.
The plugin does Not block wp-admin, so once logged in, you can still edit your site on the go.
The plugin also has an option to whitelist your favorite common browsers to wp-login. This means you can keep users from accessing the wp-login page, simply because there using Internet Explore, and not what you chose to allow.
There is another option (which may return false positives), that attempts to check if the source of an IP is commonly used by a proxy server, and can block proxy IP’s to try and reduce spoofing.
- Upload plugin to the /wp-content/plugins
- Important: Make sure you have cpanel or filezilla working and connected to your website, so if you forget to add your IP and get locked out of wp-login, you can disable the plugin
- Activate the plugin through the ‘Plugins’ menu in WordPress
- Add your IP to the list of whitelisted IP’s in Swiftninjapro wp-login Whitelist IP settings (the admin settings page will tell you your Current IP)
- Check the setting “Plugin Enabled” To Enable wp-login Whitelist IP And Click Save
What do I do if I forgot to add my IP to the whitelist and can Not access wp-login
To reactivate the plugin: (requires version 1.10 or later)
1. on your site, go to: /admin-login-whitelist-recovery
2. enter the page password “gHxXeVwvuz6Cez3” (You will still need to verify disabling the plugin through an admin email)
3. follow the directions on that page
After that, the plugins “Enabled” setting will be disabled, and the plugin will not run, and settings will still be accessible.
Note: The email must be an admin users email. The email will also be rejected if the account is less than a week old.
If that fails, you can do 1 of 2 things:
1. Contact your host, and ask them to disable the plugin manually
2. Use FTP, Filezilla, or cpanel, then (click “File Manager”, if using cpanel) navigate to public_html/wp-content/plugins, then find the folder “swiftninjapro-wp-login-whitelist-ip” and rename it to “swiftninjapro-wp-login-whitelist-ip-off” to disable the plugin.
Does this work on wp-login even if I change the name with other plugin
yes, this plugin uses wordpress functions wp_login_url(), wp_registration_url(), etc. to get an accurate url based on what your website uses.
Does this block plugins from logging in users through front-end
no. only the backend wp-login is blocked, you can still use a front end login for your users if you want to.
note: if your front end login plugin uses wp-login, you will need to enable a setting in this plugin, for your front end login plugin to work.
what happens to a user if there IP is not whitelisted
The plugin will kill the wp-login url for non-whitelisted IP’s, and (optional by the admin) display a message saying there IP is not whitelisted, or redirect them to the 404 page.
The plugins displayed message will also suggest a blocked user contact the admin if the block was in error.
以下人員參與了開源軟體〈WP-Login and WP-Admin Whitelist〉的開發相關工作。參與者
Moved recovery page to front end (password protected)
Added recovery page in case ip not whitelisted (requires admin)
Updated Function to detect browser
Usage of new Function can be enabled in the plugin settings
Added option to add wp-admin whitelist
Modified block message shown when 404 redirect option is disabled
– no longer mentions existence of a plugin
– now provides debug suggestions (like changing wifi network or using a different browser)
Settings page now grabs admin url from a wordpress function to provide better compatibility with plugins that may change the admin url
Improved compatibility with plugins that use wp-login redirects
This new compatibility can be enabled in settings and is optional
Browser Detection Now Includes Microsoft Edge
Microsoft Edge no longer returns as Google-Chrome
Added option to block common proxy server IP’s
fixed small php error where multi-line ip list was getting phrased weird and invisible encoding for extra lines (added by default from a common php function) was causing a difference between the userIP and the ip whitelist
ip list now recognizes multiple ip’s in a list
plugin now (optionally) kills the page and displays a message instead of sending a non-whitelisted user to a 404 page
changed the settings layout
updated option names
organized naming system
reorganized plugin layout
Added Option To Whitelist Browser
put settings under a tab which will be shared with other plugins by SwiftNinjaPro
this will help reduce the space taken up in admin menu if you use multiple plugins by SwiftNinjaPro 😀