Let .htacces block the subdomain except when it comes from another specific subdomain (for wp-admin security wordpress)

Question

Let .htacces block the subdomain except when it comes from another specific subdomain (for wp-admin security wordpress)

I came up with the idea to improve my Wordpress security.

The login page is always / wp -admin. So it's easy for hackers. I know that you can block / wp -admin calls except your own IP. But this is often not a solution, because you want to be able to download messages, etc. From somewhere else, not just home.

Isn't this the block / wp-admin solution, except the call is made from let say / secretlogin. And you allow / secretlogin to redirect to wp-admin. Will this work? If so, how can I do this using htaccess?

+3

security block wordpress .htaccess mod-rewrite

user2987394 Dec 10. 14 at 12:52

source to share

1 answer

Croises · Accepted Answer · 2014-12-10T14:08:39+0000

You can do it with .htaccess:

RewriteCond %{HTTP_REFERER} !^https?://www\.your_domain\.com/ [NC]
RewriteCond %{REQUEST_URI} ^/wp-admin [NC,OR]
RewriteCond %{REQUEST_URI} ^/wp-login\.php [NC]
RewriteRule ^ /homepage.htm [R=302,L]

Finally, I used your method, which is easier to add. You need to use the link from the / secretlogin page.

Let .htacces block the subdomain except when it comes from another specific subdomain (for wp-admin security wordpress)

More articles: