WP Login IP Whitelist


After installing Wordfence Security to about 50 WordPress installs, and after a few weeks went by and the firewall went from learning mode to actively blocking IPs that were taking part in nefarious behavior, I decided the best approach to what I lovingly refer to as “the Russian problem”, would be to start whitelisting my login, registration, and admin pages to a small set of IP addresses from which I will be accessing them.

In my case, that meant a half dozen lines in the .htaccess file. Done and done.

However, I then saw that Wordfence was hiring, and that candidates should have a security minded WordPress plugin prepared. Thus began the fever pitch writing of WP Login IP Whitelist. So, without further ado, here it is!

WP Login IP Whitelist

Download Version 1.0

Create a whitelist of IP addresses, one per line, that will be allowed to access your login, registration, and admin pages. All other IP addresses, i.e. the rest of the planet, will be blocked. For this reason it is quite easy for you to lock yourself out of your own admin. We recommend you have FTP and/or direct Database access before you even consider using WP Login IP Whitelist. Please carefully read all notices, documentation, and the FAQ before you start using WP Login IP Whitelist.




Easy To Use

  1. Simply enter the IP addresses you want into the text box.
  2. Check the checkbox to activate the plugin.
  3. Press the “Block All IP Addresses Except Those Listed?” button.

Feature Packed

  • Automatically detects and adds your current IP address to the list.
  • Prevents you from removing your own IP address so you can’t accidentally lock yourself out.
  • Still, your IP address can be changed by your ISP or your office’s proxy, more and more often ISPs are issuing dynamic IP addresses to cope with the IPv4 protocol running out of static IP addresses.
  • We provide clear instructions on how to unlock your admin either by a simple edit to your wp-config.php file, removing one entry from the database, or deleting the plugin folder all together.
  • Please see the FAQ below for instructions on how to recover your WordPress website if your IP address is changed without your knowledge.




  1. If your IP is not listed in the white box above, YOU WILL BE LOCKED OUT OF YOUR OWN ADMIN.
  2. If your ISP changes your IP after activating this plugin, YOU WILL BE LOCKED OUT OF YOUR OWN ADMIN.
  3. If your IP changes for any other reason after activating this plugin, YOU WILL BE LOCKED OUT OF YOUR OWN ADMIN




Q.  WP Login IP Whitelist has locked me out of my admin and I can’t turn it off!?

A.  There are three ways to fix this and get you back into your admin:

  1. Add the following define statement to your wp-config.php file.
    This will override WP Login IP Whitelist and let you back into your admin.
    Remember to remove this define again, once you have corrected your IP whitelist or WP Login IP Whitelist won’t be active.
    /* WP Login IP Whitelist Override */
    define(‘WP_LOGIN_IP_WHITELIST’, false);
  2. If you have access to your WordPress Database, locate the “wordpress_settings” entry in the wp_options table and delete it.
    This will reset WP Login IP Whitelist to default settings. It will still be activated in WordPress, but will no longer be activated on its own settings page.
  3. If all else fails, navigate to your plugin directory and delete the entire wp-login-ip-whitelist folder.