https://briansnelson.com/index.php?title=Restrict_Access_to_wp-login.php_and_xmlrpc.php&feed=atom&action=history
Restrict Access to wp-login.php and xmlrpc.php - Revision history
2024-03-28T20:08:14Z
Revision history for this page on the wiki
MediaWiki 1.24.1
https://briansnelson.com/index.php?title=Restrict_Access_to_wp-login.php_and_xmlrpc.php&diff=1043&oldid=prev
Brian: /* Multiple IP address access: */
2020-12-09T01:49:29Z
<p><span dir="auto"><span class="autocomment">Multiple IP address access:</span></span></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 01:49, 9 December 2020</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 32:</td>
<td colspan="2" class="diff-lineno">Line 32:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  RewriteCond %{REQUEST_URI} ^(.*)?xmlrpc\.php(.*)$ [OR]</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  RewriteCond %{REQUEST_URI} ^(.*)?xmlrpc\.php(.*)$ [OR]</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>  RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>  RewriteCond %{REQUEST_URI} ^(.*)?wp-admin<ins class="diffchange diffchange-inline">(.*)</ins>$</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123$</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123$</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.124$</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.124$</div></td></tr>
</table>
Brian
https://briansnelson.com/index.php?title=Restrict_Access_to_wp-login.php_and_xmlrpc.php&diff=1042&oldid=prev
Brian: /* Single IP address access: */
2020-12-09T01:49:19Z
<p><span dir="auto"><span class="autocomment">Single IP address access:</span></span></p>
<table class='diff diff-contentalign-left'>
<col class='diff-marker' />
<col class='diff-content' />
<col class='diff-marker' />
<col class='diff-content' />
<tr style='vertical-align: top;'>
<td colspan='2' style="background-color: white; color:black; text-align: center;">← Older revision</td>
<td colspan='2' style="background-color: white; color:black; text-align: center;">Revision as of 01:49, 9 December 2020</td>
</tr><tr><td colspan="2" class="diff-lineno">Line 19:</td>
<td colspan="2" class="diff-lineno">Line 19:</td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  RewriteCond %{REQUEST_URI} ^(.*)?xmlrpc\.php(.*)$ [OR]</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  RewriteCond %{REQUEST_URI} ^(.*)?xmlrpc\.php(.*)$ [OR]</div></td></tr>
<tr><td class='diff-marker'>−</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>  RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$</div></td><td class='diff-marker'>+</td><td style="color:black; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>  RewriteCond %{REQUEST_URI} ^(.*)?wp-admin<ins class="diffchange diffchange-inline">(.*)</ins>$</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123$</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123$</div></td></tr>
<tr><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  RewriteRule ^(.*)$ - [R=403,L]</div></td><td class='diff-marker'> </td><td style="background-color: #f9f9f9; color: #333333; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #e6e6e6; vertical-align: top; white-space: pre-wrap;"><div>  RewriteRule ^(.*)$ - [R=403,L]</div></td></tr>
</table>
Brian
https://briansnelson.com/index.php?title=Restrict_Access_to_wp-login.php_and_xmlrpc.php&diff=884&oldid=prev
Brian: Created page with "==Restrict Access to wp-login.php and xmlrpc.php== Wordpress Security alert!! Stop getting hacked by restricting access to wp-login.php and xmlrpc.php. Access your .htaccess..."
2016-04-14T15:12:14Z
<p>Created page with "==Restrict Access to wp-login.php and xmlrpc.php== Wordpress Security alert!! Stop getting hacked by restricting access to wp-login.php and xmlrpc.php. Access your .htaccess..."</p>
<p><b>New page</b></p><div>==Restrict Access to wp-login.php and xmlrpc.php==<br />
<br />
Wordpress Security alert!! Stop getting hacked by restricting access to wp-login.php and xmlrpc.php.<br />
<br />
Access your .htaccess file in your html directory<br />
<br />
vim /var/www/html/.htaccess<br />
<br />
===Now we have options:===<br />
<br />
You can get your ip address by visiting: https://briansnelson.com/ip/<br />
<br />
====Single IP address access:====<br />
<br />
Add the following, don't forget to replace the ip address with your own<br />
<br />
<IfModule mod_rewrite.c><br />
RewriteEngine on<br />
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]<br />
RewriteCond %{REQUEST_URI} ^(.*)?xmlrpc\.php(.*)$ [OR]<br />
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$<br />
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123$<br />
RewriteRule ^(.*)$ - [R=403,L]<br />
</IfModule><br />
<br />
====Multiple IP address access:====<br />
<br />
Add the following, don't forget to replace the ip address with your own<br />
<br />
<IfModule mod_rewrite.c><br />
RewriteEngine on<br />
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]<br />
RewriteCond %{REQUEST_URI} ^(.*)?xmlrpc\.php(.*)$ [OR]<br />
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$<br />
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123$<br />
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.124$<br />
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.125$<br />
RewriteRule ^(.*)$ - [R=403,L]<br />
</IfModule><br />
<br />
Side note, I would also allow your server's ip address, as some wp-cron.php scripts require access to xmlrpc.php</div>
Brian