From 87b4d35b58398e119c3d20e09b1460b7ce60413b Mon Sep 17 00:00:00 2001 From: ethicalhack3r Date: Tue, 17 Jul 2012 13:17:16 -0700 Subject: [PATCH] Added #22 thanks to @SourceFrenchy --- WordPress-Security-Tips.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/WordPress-Security-Tips.md b/WordPress-Security-Tips.md index cf65f92..cec0a97 100644 --- a/WordPress-Security-Tips.md +++ b/WordPress-Security-Tips.md @@ -82,4 +82,8 @@ Attackers may use search engines to find potential vulnerable victims. By removi WordPress in recent versions uses the 'X-Frame-Options' HTTP header for privileged users to tell the browser where HTML frames are allowed to be loaded from. This isn't however set for unauthenticated users, allowing for potential [ClickJacking](https://www.owasp.org/index.php/Clickjacking) attacks. +**22. IP whitelist the wp-login.php file.** + +Most administrative users login to their blog via the same IP address. By whitelisting access to the wp-login.php file you ensure that only specific IPs can access the wp-login.php file. + **For further WordPress hardening tips see: [http://codex.wordpress.org/Hardening_WordPress](http://codex.wordpress.org/Hardening_WordPress)** \ No newline at end of file
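Review bot: tip #22 tells the reader what to achieve (only specific IPs can reach wp-login.php) but not how to enforce it; a short web-server snippet (for example an Apache `<Files wp-login.php>` block with `Allow from` the chosen addresses, or the nginx equivalent) would make the tip actionable in the same way the other tips are, and the opening sentence "Most administrative users login to their blog via the same IP address." should be qualified, since administrators on dynamic or mobile connections will lock themselves out of the login page once the whitelist is in place. Also "login" is a noun; as a verb it should read "log in". Minor: the file still ends without a trailing newline (`\ No newline at end of file`).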