Secure Wordpress Login
Posted by bohemia on May 19, 2011 in Untagged
By default, the Wordpress backend uses the URL mysite.com/wp-admin to access the dashboard, so any username and password scanner can at least make an attempt to log in. Changing the username from admin can help too.
A further level of security is to allow only specified IP addresses to access the wp-admin directory.
To make wp-admin accessible only from your own PC, add the following code to the .htaccess file within the wp-admin directory:
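AuthName "Admin Only"
AuthType Basic
# The rules inside <Limit> apply only to GET and POST requests (GET also covers HEAD)
<Limit GET POST>
    # Evaluate deny rules first, then allow rules; the allow line overrides "deny from all"
    order deny,allow
    deny from all
    # Replace xxx.xxx.xxx.xxx with your own IP address
    allow from xxx.xxx.xxx.xxx
</Limit>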
To make wp-admin accessible from more than one IP address, add the following to the .htaccess file within the wp-admin directory:
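AuthName "Admin Only"
AuthType Basic
# The rules inside <Limit> apply only to GET and POST requests (GET also covers HEAD)
<Limit GET POST>
    order deny,allow
    deny from all
    # One "allow from" line per permitted IP address
    allow from xxx.xxx.xxx.xxx
    allow from xxx.xxx.xxx.xxx
</Limit>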
Now, if someone tries to access the wp-admin login they will get a page that displays the horrible message 'Internal Server Error'.
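An added example, not part of the original post: the same allow-list in Apache 2.4 syntax (where order/deny/allow only work through mod_access_compat), written without <Limit> so it applies to every request method. The addresses are placeholders from the documentation ranges, and the admin-ajax.php and wp-login.php sections are assumptions about a typical WordPress install.

```apache
# --- wp-admin/.htaccess (Apache 2.4, mod_authz_core + mod_authz_host) ---
# Needs "AllowOverride AuthConfig" for this directory in the server config.
# Placeholder addresses from the documentation ranges; use your own.
# No <Limit> wrapper: the rule covers every HTTP method, not only GET and POST.
# Several Require lines at this level are ORed: any listed address is allowed.
Require ip 203.0.113.10
Require ip 198.51.100.0/24

# Assumption: front-end plugins call admin-ajax.php on behalf of visitors,
# so it stays reachable while the rest of wp-admin is restricted.
<Files "admin-ajax.php">
    Require all granted
</Files>

# --- .htaccess in the WordPress root ---
# Assumption: the login form is wp-login.php in the site root, outside
# wp-admin, so it needs the same allow-list to keep password scanners out.
<Files "wp-login.php">
    Require ip 203.0.113.10
    Require ip 198.51.100.0/24
</Files>
```

With these rules a client outside the allow-list receives 403 Forbidden.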
