Hide wp-admin and wp-login.php from .htaccess

Question

I have the following in my .htaccess file

        RewriteRule ^(/)?access/?$ /wp-login.php [QSA,L]
        RewriteRule ^(/)?register/?$ /wplogin?action=register [QSA,L]
        RewriteRule ^wp-admin$ http://www.mywebsite.com/404.php [R=301,L]
        RewriteRule ^wp-login\.php$ http://www.mywebsite.com/404.php [R=301,L]

The problem is i achieved what i wanted...which is users not seeing the hideous "wp-login.php ............" in the browser also for security reasons i wanted to hide wp-admin.

But what happens is that the bottom rules overwrite whats at the top...once i remove the comments from the two last lines of code the login buttons go to the 404 page. I know it is possible to achieve what i want because ithemes did it with their plugin but because there are compatibility issues with it and my theme i have to stop using it but i want the feature to keep hiding "wp-admin" and "wp-login.php" without preventing www.mywebsite.com/access and www.mywebsite.com/register from working.

regards

Answer 1

Try replacing those 2 rules with:

RewriteCond %{THE_REQUEST} \ /+wp-(admin|login)
RewriteRule ^ /404.php [L,R=404]

If you match against the %{THE_REQUEST} variable, you'll match only what the browser requested, not what's been internally rewritten.

Answer 2

Maybe you should try this code for your .htaccess file

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SCRIPT_FILENAME} !^(.*)admin-ajax\.php
RewriteCond %{HTTP_REFERER} !^(.*)DOMAIN/wp-admin
RewriteCond %{HTTP_REFERER} !^(.*)DOMAIN/wp-login\.php
RewriteCond %{QUERY_STRING} !^KEY
RewriteCond %{QUERY_STRING} !^action=logout
RewriteCond %{QUERY_STRING} !^action=rp
RewriteCond %{QUERY_STRING} !^action=postpass
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
RewriteRule ^.*wp-admin/?|^.*wp-login\.php/not_found[R,L]

RewriteCond %{QUERY_STRING} ^loggedout=true
RewriteRule ^$/wp-login.php?KEY[R,L]
</IfModule>