Create a gist now

Instantly share code, notes, and snippets.

@Nodws /htaccess
Last active Sep 9, 2016

What would you like to do?
wp-login.php brute force prevention
ErrorDocument 410 "Frankly, my dear, I don't give a damn.
#410 Gone with the wind.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(GET|HEAD|POST|PUT)$
RewriteCond %{HTTP_REFERER} !^http://(.*)?yourserver\.com [NC]
RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin(.*)$
RewriteRule ^(.*)$ - [R=410,L]
</IfModule>
Owner

Nodws commented Jul 9, 2014

ONLY allow access from yourserver.com, saving CPU, and server processing.

Create a Secret directory and INDEX file and have it redirect to /wp-admin

<script>
    top.location='/wp-admin/'
</script>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment