192.168.9.43 - - [12/Jun/2013:09:05:23 -0700] "GET /wp-login.php HTTP/1.1" 200 1085I am still able to get access from a different IP than the one allow in .htaccessas you suggest:<Files wp-login.php>order deny,allowDeny from allallow from 192.168.8.4</Files>On Wed, Jun 12, 2013 at 9:01 AM, David Guerra <imdavidguerra@xxxxxxxxx> wrote:Try this format:<Files wp-login.php>order deny,allowDeny from allallow from xx.xxx.xx.xxallow from xx.xxx.xx.xx</Files>On Wed, Jun 12, 2013 at 11:52 AM, motty cruz <motty.cruz@xxxxxxxxx> wrote:
Hello David,this is the content on .htaccess# BEGIN WordPress<IfModule mod_rewrite.c>RewriteEngine OnRewriteCond %{REQUEST_METHOD} POSTRewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC]RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR]RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$RewriteRule ^(.*)$ - [R=403,L]RewriteBase /RewriteRule ^index\.php$ - [L]RewriteCond %{REQUEST_FILENAME} !-fRewriteCond %{REQUEST_FILENAME} !-dRewriteRule . /index.php [L]</IfModule><FilesMatch wp-login.php>Order Deny,AllowDeny from allAllow from 192.169.8.4</FilesMatch># END WordPress
but no success!On Wed, Jun 12, 2013 at 8:43 AM, David Guerra <imdavidguerra@xxxxxxxxx> wrote:
Flop Allow and Deny so that your IP is whitelisted after the Deny from all.On Wed, Jun 12, 2013 at 11:20 AM, motty cruz <motty.cruz@xxxxxxxxx> wrote:
Hello,I am trying to block a directory from being access except my IP but I had being unsuccessful in doing so, please help: First I place this in httpd.conf<Directory "/usr/local/www/apache22/data">Options Indexes FollowSymLinksOptions ALL -IndexesIndexIgnore *AllowOverride NoneOrder allow,denyAllow from allRewriteEngine OnRewriteBase /RewriteCond %{REQUEST_METHOD} POSTRewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC]RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR]RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$RewriteRule ^(.*)$ - [R=403,L]RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR]RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})RewriteRule ^(.*)$ index_error.php [F,L]RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)RewriteRule .* - [F]RewriteRule ^my-admin$ wp-login.php [L,NC,QSA]RewriteCond %{REQUEST_FILENAME} !-fRewriteCond %{REQUEST_FILENAME} !-dRewriteRule . /index.php [L]</Directory>I also tried this : on the / directory .htaccess<FilesMatch wp-login.php>Order Allow,DenyAllow from 192.168.8.4Deny from all</FilesMatch>Is the wp-admin or wp-login.php script that I'm trying to protect from brute force attacks,Thanks,
Motty
|