Protect Your WordPress ‘wp-admin’ on Lighttpd
June 27, 2009 by Mark
Filed under Tips & Tricks
Like Apache, Lighttpd can limit access to your website by client IP address. Today I will share how to protect your WordPress ‘wp-admin’ on Lighttpd by allowing only your IP address to access the directory. I assume that you already have a WordPress blog running on Lighttpd, because I will not cover that in this mini how-to.
First, open your lighttpd.conf using your favorite text editor. I normally use nano, and the following command opens my lighttpd.conf.
nano /etc/lighttpd/lighttpd.conf
Now add the following configuration to your lighttpd.conf, but remember to replace 192.168.1.2 with your IP address.
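# Requires mod_access to be listed in server.modules.
# "!=" compares the client address exactly; "!~" would treat the address as an
# unanchored regular expression and also let through 192.168.1.20 and similar.
$HTTP["remoteip"] != "192.168.1.2" {
    $HTTP["url"] =~ "^/wp-admin/" {
        url.access-deny = ( "" )
    }
}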
Save your lighttpd.conf and exit the text editor. The change will not take effect until you restart Lighttpd.
/etc/init.d/lighttpd restart
Once Lighttpd has completely restarted, you are the only person who can access the ‘wp-admin’ area. If another person with a different IP address tries to access it, Lighttpd will return a 403 error. This will help reduce the risk of brute-force attacks run against your WordPress blog by script kiddies.
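Lighttpd's =~ and !~ operators perform an unanchored regular-expression match, so an IP allowlist written as a bare address also matches other addresses. The following Python audit is an added example, not part of the original post: it scans configuration text for $HTTP["remoteip"] regex conditions and reports which client addresses a pattern matches beyond the intended one. The sample configuration, the probe addresses and the function names are constructed for illustration.

```python
import re

# Finds conditionals such as: $HTTP["remoteip"] !~ "192.168.1.2" {
COND = re.compile(r'\$HTTP\["remoteip"\]\s*(=~|!~)\s*"([^"]*)"')

# Constructed sample: a bare-address pattern, then an anchored and escaped one.
SAMPLE_CONF = r'''$HTTP["remoteip"] !~ "192.168.1.2" {
    $HTTP["url"] =~ "^/wp-admin/" {
        url.access-deny = ( "" )
    }
}
$HTTP["remoteip"] !~ "^192\.168\.1\.2$" {
    $HTTP["url"] =~ "^/wp-admin/" {
        url.access-deny = ( "" )
    }
}
'''

# Constructed client addresses to test each pattern against.
PROBES = ["192.168.1.2", "192.168.1.20", "192.168.1.254",
          "192.168.112.9", "192.168.1.3", "10.0.0.5"]

def overmatches(pattern, intended, probes):
    """Return probe addresses other than `intended` that the pattern matches.
    re.search models lighttpd's unanchored regex match for these patterns."""
    rx = re.compile(pattern)
    return [ip for ip in probes if ip != intended and rx.search(ip)]

def audit(conf_text, probes):
    """Return (line_no, pattern, unintended_matches) per over-broad condition."""
    findings = []
    for no, line in enumerate(conf_text.splitlines(), 1):
        m = COND.search(line)
        if not m:
            continue
        pattern = m.group(2)
        # The intended address is the pattern minus anchors and escapes.
        intended = pattern.strip("^$").replace("\\", "")
        extra = overmatches(pattern, intended, probes)
        if extra:
            findings.append((no, pattern, extra))
    return findings

if __name__ == "__main__":
    for no, pattern, extra in audit(SAMPLE_CONF, PROBES):
        # With "!~", every address listed here is NOT denied by the rule.
        print(f"line {no}: pattern {pattern!r} also matches {extra}")
```

For a single address or a CIDR network, Lighttpd's == and != operators on $HTTP["remoteip"] avoid the regular-expression pitfall entirely.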



