WP-Mix

A fresh mix of code snippets and tutorials

Allow access to external IPs during development

When developing sites, an easy way to keep things private is to use .htaccess to restrict access based on IP address.

To keep your site private during development or maintenance, the following slice of .htaccess works magic:

# ACCESS CONTROL
<Limit GET POST>
	Order Deny,Allow
	Deny from all
	Allow from 123.456.789
</Limit>

This denies access to everyone except IP address 123.456.789, so edit that with your own and add the code to your site’s root .htaccess file. Then, to allow for other IP’s, such as that of your mobile ISP, you simply add another “Allow” condition, like so:

# ACCESS CONTROL
<Limit GET POST>
	Order Deny,Allow
	Deny from all
	Allow from 123.456.789
	Allow from 798.654.321
</Limit>

And you can add as many IPs as needed to get the job done. For example, I find it useful to allow access to the W3C validators and Gravatar.com (default gravatars don’t work otherwise). I also have a few trusted beta testers for which access is granted. I also make sure that my server’s IP is allowed, to prevent potential conflicts with scripts and such. So when it’s all said and done, my final “development access” code looks something like this:

# ACCESS CONTROL
<Limit GET POST>
	Order Deny,Allow
	Deny from all
	#
	# server IP
	Allow from 111.222.333
	#
	# local ISP
	Allow from 777.888.999
	#
	# mobile ISP
	Allow from 333.222.111
	#
	# beta testers
	Allow from 123.456.789
	Allow from 456.789.123
	Allow from 789.123.456
	#
	# Gravatar
	Allow from 207.198.112.
	#
	# W3C CSS & HTML validators
	Allow from 128.30.52.
</Limit>

Note that Gravatar.com changes, so you may need to check your server’s access logs to discover the latest/current IP. Here are some other Gravatar IP addresses:

#Allow from 68.232.35.121
Allow from 72.233.69.4
Allow from 72.233.69.5
Allow from 72.233.61.123
Allow from 72.233.61.125

Further reading

Learn more

.htaccess made easy