@barbwiredmedia
Last active April 6, 2017 18:55
Htaccess WordPress permissions to lock down wp-login.php and other files
#Files
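# Disable directory listings. Apache 2.4 rejects an Options line that mixes
# signed and unsigned values (such as "All -Indexes"), so only -Indexes is set.
Options -Indexes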
<files .htaccess>
Order allow,deny
Deny from all
</files>
#WordPress
# Allow wp-login.php only from the listed IP addresses
<files wp-login.php>
order deny,allow
allow from 76.91.2.45
allow from 24.120.171.231
allow from 68.104.48.103
allow from 74.4.133.204
deny from all
satisfy all
</files>
# Deny direct HTTP requests to the remaining files
<files xmlrpc.php>
Order allow,deny
Deny from all
</files>
<files wp-activate.php>
Order allow,deny
Deny from all
</files>
<files wp-blog-header.php>
Order allow,deny
Deny from all
</files>
<files wp-config.php>
Order allow,deny
Deny from all
</files>
<files error_log>
Order allow,deny
Deny from all
</files>
<files wp-mail.php>
Order allow,deny
Deny from all
</files>
<files wp-settings.php>
Order allow,deny
Deny from all
</files>
lyuan-levyonline commented Apr 6, 2017

While WP Engine can password protect a site for us, unfortunately it causes problems with cron jobs as they are not able to enter the necessary authentication. It also affects plugins that require cron (namely PHP Compatibility).

To bypass this, we need to set up our own password protection.

# Require authentication from all except traffic from Levy Online
AuthUserFile /path/to/web/root/.htpasswd
AuthName "Authentication Required"
AuthType Basic
Require valid-user
Require ip xxx.xxx.xxx.xxx
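
The same lock-down written in Apache 2.4 authorization syntax, combined with the password protection from the comment above. This is an added example, not the gist author's or the commenter's code; it assumes Apache 2.4 with mod_authz_core, and 203.0.113.10 is a constructed placeholder address.

```apache
# Added example: Apache 2.4 (mod_authz_core) form of the rules on this page.
# 203.0.113.10 is a constructed placeholder (documentation address range).
# /path/to/web/root/.htpasswd is the placeholder path used in the comment.

# Disable directory listings
Options -Indexes

# Site-wide Basic auth with an IP exemption: a request passes if EITHER
# condition holds, so cron traffic from the exempt address needs no password.
AuthType Basic
AuthName "Authentication Required"
AuthUserFile /path/to/web/root/.htpasswd
<RequireAny>
    Require ip 203.0.113.10
    Require valid-user
</RequireAny>

# <Files> sections are merged after the directory-level rules above and,
# with the default "AuthMerging Off", replace them for the matching files.

# Never serve the access-control files or the PHP error log
<FilesMatch "^(\.htaccess|\.htpasswd|error_log)$">
    Require all denied
</FilesMatch>

# wp-login.php: reachable only from allow-listed addresses
<Files "wp-login.php">
    Require ip 203.0.113.10
</Files>

# Files that should never be requested directly over HTTP
<FilesMatch "^(xmlrpc|wp-activate|wp-blog-header|wp-config|wp-mail|wp-settings)\.php$">
    Require all denied
</FilesMatch>
```

Apache's documentation discourages mixing Order/Allow/Deny with Require in the same configuration, so use one style throughout. Basic auth sends credentials with every request, so serve the site over HTTPS.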
