> ## Documentation Index
> Fetch the complete documentation index at: https://ngrok.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Accelerate and Secure your Wordpress Installation

> ngrok improves your existing Wordpress installation by managing your TLS certificates, accelerating your blog on the global load balancer, and protecting it from DDoS attacks.

export const domain_0 = "https://your-blog.ngrok.app"

ngrok works out of the box with any up-to-date Wordpress installation where you have access to the host machine's terminal and filesystem.

ngrok improves your existing Wordpress installation by:

* Managing and auto-renewing your TLS certificates
* Distributing and accelerating your blog on a global content delivery network
* Protecting your blog from DDoS attacks with the firewall

## 1. Reserve a domain

Navigate to the [**Domains** section](https://dashboard.ngrok.com/domains) of the ngrok dashboard and click **New +** to reserve a free static domain like {<code>{domain_0}</code> || `https://your-service.ngrok.app`} or a [custom domain](/gateway/custom-domains/) you already own.

We'll refer to this domain as `$NGROK_DOMAIN` from here on out.

## 2. Create a Traffic Policy file

On the system where Wordpress runs, create a file named `wordpress.yaml` and paste in the following policy:

```yaml theme={null}
on_http_request:
  - actions:
      - type: add-headers
        config:
          headers:
            host: localhost
```

**What's happening here?** This policy rewrites the `Host` header of every HTTP request to `localhost` so that Wordpress accepts the requests.

## 3. Start your Wordpress endpoint

On the same system where Wordpress runs, start the agent on port `80`, which is the default for Wordpress, and referencing the `wordpress.yaml` file you just created.

```bash theme={null}
ngrok http 80 --url https://your-service.ngrok.app --traffic-policy-file wordpress.yaml
```

## 4. Try out your Wordpress endpoint

Visit the domain you reserved either in the browser or in the terminal using a tool like `curl`.
You should see the app or service at the port connected to your internal Agent Endpoint.

## Optional: Restrict access to the admin dashboard

The WP Admin dashboard is protected by a username and password, but is often subjected to attacks.
You can use the [`restrict-ips` Traffic Policy action](/traffic-policy/actions/restrict-ips/) to allow only yours or other trusted IPs.

Edit your `wordpress.yaml` file with the following policy, replacing `$YOUR_IP`.

```yaml theme={null}
on_http_request:
  - expressions:
      - "req.url.includes('/wp-admin')"
    actions:
      - type: restrict-ips
        config:
          enforce: true
          allow:
            - $YOUR_IP/32

  - actions:
      - type: add-headers
        config:
          headers:
            host: localhost
```

**What's happening here?** This policy first checks whether an HTTP request's URL contains the `/wp-admin` path. If it does, then it applies the `restrict-ips` action to allow only the addresses you explicitly added.
Then, as before, the policy rewrites the `Host` header of every HTTP request to `localhost` so that Wordpress accepts the requests.

Finally, restart your ngrok agent to apply the new policy.

```bash theme={null}
ngrok http 80 --url https://your-service.ngrok.app --traffic-policy-file wordpress.yaml
```

## What's next?

* Read more about [Traffic Policy](/traffic-policy) and its [core concepts](/traffic-policy/how-it-works).
* View your Wordpress traffic in [Traffic Inspector](https://dashboard.ngrok.com/traffic-inspector).
* Use the [`rewrite` action](/traffic-policy/actions/redirect) to create ["pretty" blog URLs](/traffic-policy/examples/url-rewrites/).