Let .htacces block subdomain except if came from other certain subdomain (for wp-admin security wordpress)

0 Views

I came op with an idea to improve my WordPress security.

The loginpage is always /wp-admin. So that’s easy for hackers. I know you can block al the calls to /wp-admin except from your own IP adress. But that’s often not a solution because you want to be able to upload posts etc. from everewhere, not just home.

Read More

Is it not a solution to block /wp-admin except if the call is made from let say /secretlogin. And you let /secretlogin redirect to wp-admin. Will this work?
If yes, how do I manage this with htaccess?

Post Views: 0

Related posts

Leave a Reply

1 comment

  1. You can do that with .htaccess:

    RewriteCond %{HTTP_REFERER} !^https?://www.your_domain.com/ [NC]
RewriteCond %{REQUEST_URI} ^/wp-admin [NC,OR]
RewriteCond %{REQUEST_URI} ^/wp-login.php [NC]
RewriteRule ^ /homepage.htm [R=302,L]

    Finally I used your method is easier to add.
    You need to use a link from your /secretlogin page.