WordPress WP-admin IP检查和重定向
[英]WordPress WP-admin IP check and redirect
问题描述
I'm planning on using Wordpress on an upcoming project and the biggest question for me is security. 
我正计划在即将到来的项目中使用Wordpress,对我来说最大的问题是安全性。
I will be having several users who will be able to update the site and I've given myself several options. 我将有几个可以更新该网站的用户,并且给了我几个选择。 I can build a static web page and then have a 'blog' page that is using a WordPress install for that page only. 我可以构建一个静态网页,然后创建一个“博客”页面,该页面仅使用WordPress安装该页面。 This seems a bit excessive just for a blog feature, but it's an option. 仅对于博客功能而言,这似乎有点多余,但这是一个选择。
The other option I'm looking at is a full WordPress install to power the whole site. 我正在寻找的另一个选项是完整的WordPress安装,以为整个网站提供动力。 My big issue is blocking the /wp-admin from everyone but the people at a static IP that won't be changing. 我的大问题是阻止/wp-admin的所有人访问,但静态IP不会改变的人。 I'm thinking if I go this route I can use my .htaccess to check the IP and if it returns false, redirect it to the homepage. 我在想,如果我走这条路,我可以使用.htaccess来检查IP,如果它返回false,请将其重定向到首页。 If it is true, then continue on to the wp-admin login page. 如果为true,则继续进入wp-admin登录页面。
If I go with my second option, how do I use .htaccess to check the IP and if it returns false, redirect back to the homepage. 如果我选择第二个选项,则如何使用.htaccess来检查IP,如果它返回false,请重定向回首页。 And if it's true, continue to the WordPress login page. 如果是真的,请继续至WordPress登录页面。
Is this best starting point? 这是最好的起点吗?
<Location /wp-admin/>
order allow,deny
allow from 1.1.1.1
deny from all
</Location>
I appreciate any input ahead of time! 感谢您提前提出的建议!
3 个解决方案
解决方案1
1 2013-03-04 17:31:15
You cannot use Location in a .htaccess file. 您不能在.htaccess文件中使用“ Location 。 As you can see from the Context it is only allowed in the main server configuration file or in a virtual host section. 从Context可以看到,它仅在主服务器配置文件或虚拟主机部分中被允许。
Furthermore, you shouldn't use it for security, if wp-admin is a real directory in the file system 此外,如果wp-admin是文件系统中的真实目录,则不应将其用于安全性
<Location> Directive
<Location> sections operate completely outside the filesystem.
If you use Access control by host , the order should be 如果按主机使用访问控制 ,则顺序应为
Order deny,allow
Deny from all
Allow from 1.1.1.1
This ensures, that anybody is prohibited to access /wp-admin/ , except the given IP addresses or domains. 这样可以确保禁止任何人访问/wp-admin/ ,除了给定的IP地址或域。
解决方案2
0 2013-03-04 17:29:43
I think this is documented here: http://httpd.apache.org/docs/trunk/howto/auth.html 我认为这在这里记录: http : //httpd.apache.org/docs/trunk/howto/auth.html
You may need to couple it with this: http://httpd.apache.org/docs/2.2/howto/htaccess.html , and this: http://httpd.apache.org/docs/trunk/mod/mod_authz_core.html#require 您可能需要将其与此: http : //httpd.apache.org/docs/2.2/howto/htaccess.html以及此: http : //httpd.apache.org/docs/trunk/mod/mod_authz_core结合使用。 html#require
But, it appears that something like this could work: 但是,似乎可以执行以下操作:
<Directory /wp-admin/>
Require ip 192.168.1.104 192.168.1.205
</Directory>
Full disclosure: I'm guessing. 完全披露:我在猜测。
解决方案3
0 已采纳 2013-03-04 19:42:07
I was able to use what Olaf Dietsche wrote to lead me in the right direction. 我能够利用Olaf Dietsche的著作引导我朝正确的方向前进。 By putting the below code in my wp-admin folder instead of the root, I was able to control who had access to my url/wp-admin login and if they didn't match the allowed IP, then I redirect them back to the home page. 通过将以下代码放在我的wp-admin文件夹而不是根目录中,我可以控制谁可以访问我的url / wp-admin登录名,并且如果它们与允许的IP地址不匹配,则可以将其重定向回主页。
Options +FollowSymlinks
RewriteEngine on
#urls to exclude
RewriteCond %{REQUEST_URI} !/wp-admin$
RewriteCond %{REQUEST_URI} !^/images$
RewriteCond %{REQUEST_URI} !^/$
#ip to allow access
RewriteCond %{REMOTE_HOST} !^111\.111\.111\.111$
#send to root. If you want a specific URL, use /yourcustomurl.html
RewriteRule .? / [R=302,L]
I appreciate the input everyone. 感谢大家的投入。 And thank you much! 并非常感谢您!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.