If you know the sub-net of your VPN you could restrict access to /wp-admin via .htaccess using standard Apache rules.
<Directory /var/www/wp-admin/>
Order deny,allow
Allow from 192.168.1.0/24
Allow from 127
</Directory>
Obviously you’d need to adjust the directory and IP address subnet to suit your needs.
To restrict access to a specific file:
<Files _FILE_.php>
Order allow,deny
Deny from all
Allow from 127.0.0.1
</Files>
Again you can use a sub-net mask to suit your VPN.
Related Posts:
- Can I rename the wp-admin folder?
- Change Login URL Without Plugin
- Share same domain for wp-admin but for different website
- Securing wp-admin folder – Purpose? Importance?
- Can I rename the wp-admin folder?
- Options for restricting access to wp-admin
- How to change “wp-admin” to something else without search-replacing the core?
- Block access to wp-admin
- Change WP-Login or WP-Admin
- Should I add the IP of the server that hosts my sites to the list of authorized IPs in the wp-admin/.htaccess?
- FORCE_SSL_ADMIN not working
- Limit access to wp_admin
- I want to disable login of admin (/wp-admin) with email and make it accessible only with username
- password reset link being sent as HTTP?
- How to Change The WordPress Login URL Without Plugin
- 404 redirect wp-login and wp-admin after changing login url [closed]
- Logout USER form backoffice after 30 minutes of inactivity [closed]
- Do I have to face security problems if I changing default role to Contributor
- Hide username discovery
- Efficient way to check local WordPress php files and Database for malicious code? [duplicate]
- Renaming wp-admin without hard-coding it. Is it really possible?
- Need help for WordPress User Session Management?
- Developer/Designer asking for admin access
- Is WordPress secure enough for a multi-user article directory?
- Can I rename the wp-admin folder?
- CSRF attack to create USER
- Can I rename the wp-admin folder?
- Why WordPress not logout after I have close my browser?
- How to protect wp-admin from third party access?
- Couple questions about .htaccess, login page, updates
- is exposed wp-admin site a serious security vulnerability
- Changing the ‘wp-admin’ URL to whatever I want
- Unit testing in the WordPress backend (is_admin() is true)
- Best way to present options for home page in admin?
- How can I improve the line break handling in the WYSIWYG editor?
- How do I change the login logo URL and hover title?
- js error on post editing page
- Remove “From computer” media tab for posts with existing attachments?
- Upgrade to SSL Breaks Admin Dashboard
- Disable slow media queries?
- Make sub menu items a main link in the admin menu using fuctions.php
- .htaccess rewrite rule for removing .php extension with exception of wp login and wp-admin
- Too many datadabse connections – upper ceiling mysql
- I can’t access my admin page after changing main url
- Redirect users away from Admin breaks ajax
- SSL Partially breaking admin panel and elementor
- From 403 error to 500 internal server error
- Woocommerce: Add column to ORDERS admin page with items purchased
- How to declutter admin columns
- Post Bulk Update
- wp_comments table really big casuing /wp-admin/edit-comments.php to slowly load
- How to make the front-end RTL without changing the admin panel language?
- sort tags by tag ID in admin panel
- WP admin user search doesn’t return all users
- Where are screen options when in admin on mobile?
- post-new.php?post_type=product is not loading properly
- wp-admin redirects to 404
- Generate PDF using tcpdf from WordPress admin side custom page [closed]
- Editor’s role in WP
- Minimum version for WordPress Backbone
- I accidentally deleted an admin user and all their content is now gone from the site. [closed]
- Is wp-admin/about.php required? Can i omit it from my website
- Site Crashes When Updating to WordPress (Version 3.6)
- can’t access backend while frontend works perfect
- How to add Extra Column of post Status in All post page
- WordPress Child theme fails to override parent theme css
- How can I control which plugins run in the dashboard?
- WP Admin Login keeps redirecting to login
- Admin menu success message
- CPU overload spam – redirect link to wp-admin and new post
- define two login page url
- Users can login to Website from wp-admin prior to confirmation email
- Admin Page access
- On Users (user.php) in wp-admin disable/hide “Bulk Actions” and “Change Role To”
- Add HTML to custom post type edit page
- WP site after login keeps redirecting to looped url [closed]
- How can I can I make changes to a WP project I pulled from GItHub?
- WordPress critical error on wp-admin page with 100% permissions
- WordPress Redirects to a cancelled domain, need to change it but can’t get to the admin portal
- WordPress Admin Login Issue
- Edit “Not Available” Page
- admin-ajax and external service interaction
- Add admin page to the top of the admin panel
- Add item to admin panel – w/o plugin & theme
- Wp-admin Redirection loop after moving to subdirectory
- Remove menu item dashboard for a unique user
- Reestablishing Automatic and Secure FTP Connection, Primary Domain Change
- Show only childs and grandchilds of certain post in admin
- WordPress logged in but no access to wp-admin
- Changed the path to wp-login and now can’t access WPress dashboard
- Why my login panel has a wrong language?
- Creating another wordpress site as sub-domain of a wordpress site
- Mixed content and expired session issues with SSL and wp-admin
- Limit access to wp-admin but still be able to log in from different locations?
- How to Filter in the “Add Media Popup” to show only “unattached” Media
- $current_screen if condition for a specific page in admin
- Working with post values in the admin panel
- wordpress login blank screen [closed]
- wp-admin blank page after admin login and all security off
- Can a wordpress admin see my failed Login attempts?