-
-
Save cgrymala/a8032db5e994da02d4cc to your computer and use it in GitHub Desktop.
Blocking access to wp-login.php in an nginx->apache environment
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# BEGIN Custom Login Restriction | |
<Files wp-login.php> | |
# ==== ! Important ! ==== # | |
# Do not leave the regexps below as they are. You will need to modify them to match your | |
# internal IP addresses/ranges | |
# ==== ! Important ! ==== # | |
# Change the regexp below to match your internal IP addresses | |
# In this example, we're matching anything that begins with 255., and allowing any | |
# IP address within that range. You can modify the regexp as needed | |
# These lines are formatted as follows: | |
# SetEnvIf X-Forwarded-For [IP RegExp] [Variable Name] | |
SetEnvIf X-Forwarded-For ^255\.\d{1,3}\.\d{1,3}\.\d{1,3} AllowWPAdminAccess | |
# If you need to allow access from more than one range of IPs, you can specify | |
# alternative IP addresses/ranges through additional regexps | |
SetEnvIf X-Forwarded-For ^127\.\d{1,3}\.\d{1,3}\.\d{1,3} AllowAccessAlt | |
# Leave the following two lines exactly as they are | |
Order Deny,Allow | |
Deny from all | |
# Change the env=[varname] as necessary to match the variable names you | |
# assigned above. | |
# You can separate multiple variable names by using a space between them | |
# If you use any separator other than a space, this won't work properly | |
Allow from env=AllowAccessAlt env=AllowWPAdminAccess | |
# If you would like to point the user to a custom error page when they | |
# attempt to login from outside of your firewall, specify that here | |
# I have not tested enough to know whether this ErrorDocument directive | |
# affects only unauthorized access to wp-login.php, or if it takes | |
# over all 403 errors on the website. It should, theoretically, | |
# only take effect when users attempt to access wp-login.php | |
ErrorDocument 403 /403.html | |
</Files> | |
# END Custom Login Restriction |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment