Feature Request | WordPress.org


So … we do have a sister plugin Deny All Firewall which works in conjunction with “Block wp-login”.

All “Block wp-login” does is obfuscate the login url.

With Deny All Firewall, you can lock /wp-admin/ down so that only successful logins are able to access any files within the Dashboard.

What you are suggesting wouldn’t actually work because if you had a whitelist list of IP addresses allowed to sign in then no other IP addresses would be able to sign in anyway so there wouldn’t be a requirement for a notification email. Furthermore, most users work on dynamic IP addresses (which is why Deny All Firewall updates a user’s IP address on login and if it changes during the session).

If you really want to lock your wp-login.php or /wp-admin/ down to a strict set of specified static IP addresses, it could be done but you’d need to make sure that assets that are required by normal visitors (like admin-ajax.php) are still accessible.

Let me know if I’ve not understood your requirement.


Understood, thanks for taking the time.


This site will teach you how to build a WordPress website for beginners. We will cover everything from installing WordPress to adding pages, posts, and images to your site. You will learn how to customize your site with themes and plugins, as well as how to market your site online.

Buy WordPress Transfer