WordPress Two Factor Authentication (CMAUTH) - How To - Restrict User Login By Number of IPs

Restricting Users by Number of IPs

Back to User Guide

Restrict Accounts

By number of devices | By number of IPs

What is This Feature?

With the WordPress Two Factor Authentication plugin you can choose how many IP addresses are allowed for each user role.

How It Works:

  • You set how many IPs are allowed for each user role
  • When a user logs in, his IP is registered. The admin can manage all addresses from the user edit page
  • If the user tries to log in using a new IP and the IP quota is full, the attempt will be blocked
Example of the IP restriction - WordPress Login SMS Verification
Example of the IP restriction

Use Case: Only One IP At a Time

Let's say John Doe has an Editor role and access to sensitive information. On top of that, it's important to prevent other people from accessing his account and overwriting his work.

You can:

  • Enable "Restrict user IPs"
  • Limit the amount of IP addresses for Editor users
  • Set "Maximum number of IPs allowed to user" to 1

Now, John can only log in from one IP. The first time he logs in, his IP will be recorded and he only that IP will be allowed.


Head to Admin Dashboard → CM Secure Login → IP tab.

IP settings tab - 2 Factor Authentication for WordPress
IP settings tab
  • Restrict user IPs - Enables the feature.
  • User roles - Mark which roles will be affected.
  • Maximum numbers of IPs allowed by users - Choose a number, 1 or higher.
  • Accept only admin IPs - Only allows logins from specific IPs defined by the admin per each user. This means that login attempts from other IPs will be blocked even if more IPs slots are available.

    The IP list can be found while editing a user.

    List of allowed IPs - WordPress Two Step Authentication
    List of allowed IPs

Learn more below.

Specifying IPs For Each User - Details

You can also choose which IPs can log in to each user  account.

Start by editing that user from Admin Dashboard → Users → All Users → Edit the relevant user.  

Editing the user - WordPress Enable 2FA
Editing the user

Scroll down to the "CM Secure Login: IPs Protection" section. 

IPs protection section - How to Enable 2FA On WordPress
IPs protection section

If Accept only admin IPs is enabled, addresses not in the list will be automatically blocked

You can:

  1. Check how many IPs are allowed
  2. Enable or disable specific IPs and delete them from the list
  3. Add a new IP
  4. Save the current selection of IPs.

Trying to enable an invalid number of addresses will result in an error:

Error example - WordPress 2FA
Error example

More information about the WordPress Two Factor Authentication plugin

Other WordPress products can be found at CreativeMinds WordPress Store

Let us know how we can Improve this Product Documentation Page

To open a Support Ticket visit our support center
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.