Difference between revisions of "Restrict Access to wp-login.php and xmlrpc.php"
From Brian Nelson Ramblings
Revision as of 15:12, 14 April 2016
Restrict Access to wp-login.php and xmlrpc.php
WordPress security alert! Stop getting hacked by restricting access to wp-login.php and xmlrpc.php.
Open the .htaccess file in your html directory:
vim /var/www/html/.htaccess
Now we have options:
You can get your IP address by visiting: https://briansnelson.com/ip/
Single IP address access:
Add the following. Don't forget to replace the IP address with your own.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?xmlrpc\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123$
RewriteRule ^(.*)$ - [R=403,L]
</IfModule>
Multiple IP address access:
Add the following. Don't forget to replace the IP addresses with your own.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?xmlrpc\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123$
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.124$
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.125$
RewriteRule ^(.*)$ - [R=403,L]
</IfModule>
Side note: I would also allow your server's IP address, as some wp-cron.php scripts require access to xmlrpc.php.
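Added example (not part of the original page): a shell helper that prints the multiple-IP block above for any list of IPv4 addresses, escaping the dots and anchoring each pattern so that a condition matches exactly one address. The function names is_ipv4 and gen_wp_allowlist are hypothetical.

```shell
#!/bin/sh
# Added example: generate the mod_rewrite allowlist block shown on this page.
# is_ipv4 and gen_wp_allowlist are hypothetical helper names.

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    IFS=. read -r o1 o2 o3 o4 extra <<EOF
$1
EOF
    [ -n "$o4" ] && [ -z "$extra" ] || return 1
    for octet in "$o1" "$o2" "$o3" "$o4"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the block with one negated REMOTE_ADDR condition per allowed address.
gen_wp_allowlist() {
    [ "$#" -ge 1 ] || { echo "usage: gen_wp_allowlist IP [IP...]" >&2; return 2; }
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; return 1; }
    done
    cat <<'EOF'
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?xmlrpc\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
EOF
    for ip in "$@"; do
        # An unescaped dot matches any character and a missing ^ or $ matches prefixes.
        esc=$(printf '%s' "$ip" | sed 's/\./\\./g')
        printf 'RewriteCond %%{REMOTE_ADDR} !^%s$\n' "$esc"
    done
    printf '%s\n' 'RewriteRule ^(.*)$ - [R=403,L]' '</IfModule>'
}

# When run as a script with arguments, print the block for those addresses.
if [ "$#" -gt 0 ]; then gen_wp_allowlist "$@"; fi
```

Pass your own address and the server's address as arguments, review the output, and paste it into .htaccess.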