| Hello, I am trying to lock out wp-admin.php to all but a whitelist of ip addresses. <Files wp-login.php> require ip www.xxx.yyy.zzz </Files> This is ubuntu 16.04 LTS running apache 2.4.18, and php-fpm. The "require ip www.xxx.yyy.zzz” all by itself blocks access for everyone except for the ip address, so THAT part works. Browser’s tested: firefox with cache disabler enabled chrome with cache killer enabled Systems used to test: one macbook air connected via my cell phone tether (verified not using the same ip) one macbook pro connected via my wifi (and connecting via the listed ip address) Here are the conditions I have tested: I have tried this in both my virtualhost configuration as well as my .htaccess file: I have tried this with and without quotes around “wp-login.php” I have tried this using FilesMatch "^/wp-login.php.*” Its as if it’s A) completely ignoring the Files directive, or B) somehow the filename doesn’t match. What’s going on? —jason
| ||||||||||||||||||||||
|