Modifying and/or removing wp-login.php Block

We have had to place some blocks for wp-login.php on affected accounts in some cases.

We have, to ensure server stability and account speed, blocked access to the wp-login.php for any affected accounts. You can, however, allow yourself in and, if needed, remove the block entirely.

We created, if it did not exist, or appended to the /home/your-cpanel-username/.htaccess file the following lines:


This is not in /public_html/.htaccess.  It *is* in /.htaccess.

  1. # The following lines have been put in place by your hosting provider as your site was under a brute force dictionary attack.
  2. # You can provide yourself access to the wp-admin by adding an "Allow from" line with your IP address before the "Deny from all" line.
  3. # If you need to allow multiple users in you can remove the following lines entirely if you need or you can add multiple "Allow from" lines.
  4. #
  5. # If you have any questions about this at all, do please get with your hosting provider for support.
  6. #
  7. <Files"wp-login.php">
  8. OrderAllow,Deny
  9. # Uncomment the following line and change the number to your IP address. You can find your IP address at http://www.whatismyip.php/
  10. # Allow from 123.456.789.012
  11. Denyfrom all
  12. </Files>
  13. #
  14. #
  15. # End of brute-force block. If you do wish to remove the block entirely do not remove beyond this line.


You can remove the "#" from the beginning of the 10th line and change the number "123.456.789.012" to your IP address [http://www.whatismyip.php/ ]. This will permit you the ability to log into your WP-Admin while keeping attackers out.

You can make these changes via FTP in the "/" folder you will see a file called ".htaccess" or you can do it via the cPanel -> File Manager [also in "/"] but you may need to set it to show hidden files.

Do please understand that if your wp-login.php has been blocked with this code it is because your site was under attack by bots trying to guess your passwords. We hate to make modifications to client accounts, however, in this case we have been forced to do so to ensure server stability.

If you have any questions at all about this do not hesitate to ask. If the question is specific to your account it is likely best if you open a new support ticket and reference this thread.

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

I lost or forgot my cPanel or WHM password, how can I reset it?

Resetting your cPanel password is easy and can be handled directly by you without contacting...

How do I access my cPanel?

Accessing your cPanel directly You can get to your control panel by appending "/cpanel" on to...

How do I renew my domain registration?

To renew your annual domain registration go to and...

How do I cancel my hosting account?

To cancel your hosting service: Log into our Billing and Support System at...

Powered by WHMCompleteSolution