Separate WordPress Admin Panel with a Subdomain
制作・開発As your WordPress site grows in traffic and complexity, managing the admin panel separately from the main site can improve security and performance. One way to achieve this is by hosting your WordPress admin panel on a subdomain (e.g., admin.xyz.com
) while keeping the main site (e.g., www.xyz.com
) on a different server. In this post, we’ll walk you through the steps to set this up.
Why Separate the Admin Panel?
Before diving into the how let’s quickly cover the why. Separating your WordPress admin panel offers several benefits:
- Enhanced Security: Limiting access to the admin area through a subdomain can reduce the risk of brute-force attacks.
- Improved Performance: By hosting the admin panel on a separate server, you can dedicate resources specifically to the backend, ensuring that your public-facing site remains fast and responsive.
- Scalability: This separation allows you to scale the front end and back end independently as your site grows.
Step 1: Set Up the Subdomain
First, you need to create a subdomain for your admin panel.
- DNS Configuration: Log into your DNS provider’s control panel and create a new A record for
admin.xyz.com
. Point it to the IP address of the server where you plan to host the WordPress admin panel. - Server Setup: Ensure that your new server is ready to host a WordPress site. This includes having a web server (e.g., Apache or Nginx), PHP, and MySQL/MariaDB installed.
Step 2: Duplicate the WordPress Installation
Next, copy your existing WordPress installation to the new server.
- Copy Files: Transfer all WordPress files, including core files, themes, and plugins, from the main site (
www.xyz.com
) to the subdomain (admin.xyz.com
). You can do this via FTP/SFTP or a direct server-to-server transfer. - Database Configuration: Both the main site and the admin panel should use the same database. Copy the
wp-config.php
file from the main site to the admin subdomain and ensure it’s correctly configured to connect to the same database.
Step 3: Modify wp-config.php
for the Subdomain
To ensure the subdomain functions correctly as your admin panel, modify the wp-config.php
file on the new server.
- Set the Site URL:
define('WP_HOME', 'https://www.xyz.com');
define('WP_SITEURL', 'https://admin.xyz.com');
This tells WordPress to serve the admin panel fromadmin.xyz.com
while keeping the public site atwww.xyz.com
- Separate Cookies (Optional):
If you want to keep session cookies separate between the main site and the admin panel, add the following lines:define('COOKIE_DOMAIN', 'xyz.com');
define('ADMIN_COOKIE_PATH', '/');
define('COOKIEPATH', '/');
define('SITECOOKIEPATH', '/');
Step 4: Restrict Access on the Main Site
Now, you need to ensure that users attempting to access the admin panel from the main site are redirected to the subdomain.
Redirect Admin Access: On the main site server, edit the .htaccess
file (if using Apache) or the server configuration (if using Nginx) to redirect all /wp-admin
and /wp-login.php
requests to admin.xyz.com
.Example .htaccess
rulesRewriteEngine On RewriteCond %{REQUEST_URI} ^/wp-admin
RewriteRule ^(.*)$ https://admin.xyz.com/wp-admin/$1 [R=301,L]
RewriteCond %{REQUEST_URI} ^/wp-login.php
RewriteRule ^(.*)$ https://admin.xyz.com/wp-login.php [R=301,L]
Step 5: Security Considerations
With the basic setup complete, it’s time to think about security.
- SSL/TLS: Make sure that
admin.xyz.com
is secured with an SSL certificate. This is crucial for protecting login credentials and admin activities. - IP Restriction (Optional): For added security, consider restricting access to the admin panel by IP address. This can be done through the web server configuration.
Step 6: Test the Configuration
Finally, it’s time to test everything.
- Access the Admin Panel: Visit
admin.xyz.com/wp-admin
and ensure you can log in and manage your site as usual. - Test Redirects: Try accessing
www.xyz.com/wp-admin
andwww.xyz.com/wp-login.php
to ensure they redirect to the subdomain.
Conclusion
By following these steps, you can effectively separate your WordPress admin panel from the main site, hosting it on a subdomain and potentially on a different server. This setup can improve security, performance, and scalability, making it an excellent choice for larger or more complex WordPress installations.
Do you have any other WordPress optimization tips? E-mail me at eather@export-japan.co.jp