cgrymala/.htaccess Secret

## .htaccess
# BEGIN Custom Login Restriction
<Files wp-login.php>
# ==== ! Important ! ==== #
# Do not leave the regexps below as they are. You will need to modify them to match your
# 	internal IP addresses/ranges
# ==== ! Important ! ==== #

# Change the regexp below to match your internal IP addresses
# In this example, we're matching anything that begins with 255., and allowing any
# 	IP address within that range. You can modify the regexp as needed
# These lines are formatted as follows:
# 	SetEnvIf X-Forwarded-For [IP RegExp] [Variable Name]
SetEnvIf X-Forwarded-For ^255\.\d{1,3}\.\d{1,3}\.\d{1,3} AllowWPAdminAccess

# If you need to allow access from more than one range of IPs, you can specify
# 	alternative IP addresses/ranges through additional regexps
SetEnvIf X-Forwarded-For ^127\.\d{1,3}\.\d{1,3}\.\d{1,3} AllowAccessAlt

# Leave the following two lines exactly as they are
Order Deny,Allow
Deny from all

# Change the env=[varname] as necessary to match the variable names you
# 	assigned above.
# You can separate multiple variable names by using a space between them
# If you use any separator other than a space, this won't work properly
Allow from env=AllowAccessAlt env=AllowWPAdminAccess

# If you would like to point the user to a custom error page when they
# 	attempt to login from outside of your firewall, specify that here
# I have not tested enough to know whether this ErrorDocument directive
#	affects only unauthorized access to wp-login.php, or if it takes
#	over all 403 errors on the website. It should, theoretically,
#	only take effect when users attempt to access wp-login.php
ErrorDocument 403 /403.html
</Files>
# END Custom Login Restriction
	# BEGIN Custom Login Restriction
	<Files wp-login.php>
	# ==== ! Important ! ==== #
	# Do not leave the regexps below as they are. You will need to modify them to match your
	# internal IP addresses/ranges
	# ==== ! Important ! ==== #

	# Change the regexp below to match your internal IP addresses
	# In this example, we're matching anything that begins with 255., and allowing any
	# IP address within that range. You can modify the regexp as needed
	# These lines are formatted as follows:
	# SetEnvIf X-Forwarded-For [IP RegExp] [Variable Name]
	SetEnvIf X-Forwarded-For ^255\.\d{1,3}\.\d{1,3}\.\d{1,3} AllowWPAdminAccess

	# If you need to allow access from more than one range of IPs, you can specify
	# alternative IP addresses/ranges through additional regexps
	SetEnvIf X-Forwarded-For ^127\.\d{1,3}\.\d{1,3}\.\d{1,3} AllowAccessAlt

	# Leave the following two lines exactly as they are
	Order Deny,Allow
	Deny from all

	# Change the env=[varname] as necessary to match the variable names you
	# assigned above.
	# You can separate multiple variable names by using a space between them
	# If you use any separator other than a space, this won't work properly
	Allow from env=AllowAccessAlt env=AllowWPAdminAccess

	# If you would like to point the user to a custom error page when they
	# attempt to login from outside of your firewall, specify that here
	# I have not tested enough to know whether this ErrorDocument directive
	# affects only unauthorized access to wp-login.php, or if it takes
	# over all 403 errors on the website. It should, theoretically,
	# only take effect when users attempt to access wp-login.php
	ErrorDocument 403 /403.html
	</Files>
	# END Custom Login Restriction