
How to enable WordPress login only for 1 IP?

I have installed the Sucuri Security addon on my WordPress site, and it tells me that there are failed login attempts (brute force) like this:

    Subject: Failed Login

    Login Info:
    Time: 10 sierpnia 2016 05:14

    Website Info:
    Site: URL
    IP Address: 155.143.162.124

    Notification:
    User authentication failed: MY LOGIN
    User wrong password:

So I would like to enable login to WP only from one IP address. I have added an .htaccess file to my wp-admin folder like this:

    # Block access to wp-admin.
    order deny,allow
    allow from MY IP
    deny from all

I have also added an .htaccess file to the main folder to prevent wp-login.php access from other IPs, like this:

    <Files wp-login.php>
        order deny,allow
        Deny from all
        allow from MY IP
    </Files>

I have checked, and if I have another IP I get the forbidden page. But Sucuri Security still gives me info about brute force attempts.

Are there any other files I would need to lock out? Or is there some other method of login in WordPress, not using wp-login, that I should lock?

I don't want to use any Firewall Proxy and so on. What I want is to prevent logging in from any IP except mine with PHP and .htaccess. How do I do it?

Try the Restricted Site Access plugin; it may fit your needs.

Maybe you have a virus on your computer and they are accessing through your own IP... or they are accessing some other way than wp-login.php.

Have you checked that everything is OK on your hosting (that you don't have strange files there, for example)? Also, if you don't need it, disable xmlrpc.php (I think it can be done in the Sucuri plugin). And be sure all your plugins and themes are clean.

Or some other method of login not using wp-login in Wordpress i should lock?

EDIT: xmlrpc can do that. And if you have infected files in your WordPress installation, that can also do it.
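One way to confirm which credential-accepting endpoint the remaining attempts are reaching, following the xmlrpc.php hint above (an added example, not part of any answer on this page): it scans an Apache combined-format access log for POSTs to wp-login.php and xmlrpc.php from addresses other than the allowed one that were not answered with 403. The log lines, the addresses and the function name are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in Apache "combined" format (not from the original page).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Aug/2016:05:14:02 +0200] "POST /wp-login.php HTTP/1.1" 403 221 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Aug/2016:05:14:03 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Aug/2016:05:14:05 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Aug/2016:05:20:00 +0200] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Aug/2016:05:21:00 +0200] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
"""

ALLOWED_IP = "192.0.2.10"                      # assumption: the single admin address
AUTH_PATHS = {"/wp-login.php", "/xmlrpc.php"}  # endpoints that accept credentials

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)


def reachable_auth_posts(log_text, allowed_ip=ALLOWED_IP):
    """Count POSTs to auth endpoints from other IPs that did NOT get a 403."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Drop the query string and any directory prefix (subdirectory installs).
        path = m["path"].split("?", 1)[0]
        endpoint = "/" + path.rsplit("/", 1)[-1]
        if endpoint not in AUTH_PATHS or m["ip"] == allowed_ip:
            continue
        if m["status"] != "403":
            # The .htaccess rule did not stop this request.
            hits[(endpoint, m["ip"])] += 1
    return hits


if __name__ == "__main__":
    for (endpoint, ip), n in sorted(reachable_auth_posts(SAMPLE_LOG).items()):
        print(f"{endpoint} still answers {ip}: {n} POST(s) not blocked")
```

Any endpoint this reports is one the `<Files wp-login.php>` rule does not cover and needs its own deny rule.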

You can use PHP or .htaccess to restrict/redirect wp-login access.

PHP

    add_action('init', '_restrict_wp_login');
    function _restrict_wp_login() {
        global $pagenow;
        $allowed = array('192.168.1.1'); // Allowed IP(s)

        // Get the client IP. Use REMOTE_ADDR only: HTTP_CLIENT_IP and
        // HTTP_X_FORWARDED_FOR are request headers the client can set to any value.
        $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

        // If the user is logged in or the IP is allowed, return.
        // Exact match: strpos() would also accept any substring such as "1".
        if ( is_user_logged_in() || in_array($ip, $allowed, true) ) return;

        // Redirect wp-login.php requests to the homepage, except logout
        $action = isset($_GET['action']) ? $_GET['action'] : '';
        if ( 'wp-login.php' == $pagenow && 'logout' !== $action ) {
            wp_redirect( home_url() );
            exit();
        }
    }

For .htaccess check this out https://codex.wordpress.org/Brute_Force_Attacks

You only have to add this to your .htaccess file:

    <files wp-login.php>
        order deny,allow
        #YOUR IP LIKE
        allow from 76.212.
        deny from all
    </files>

That's it.
