I am receiving many requests to my wp-login.php and xmlrpc files. I just set up an htaccess to prevent requests to xmlrpc, but how do you suggest I block wp-login?

thanks

asked Apr 28, 2016 at 12:02 by Sam Provides; edited Oct 4, 2016 at 18:06 by sdexp
  • 2 I think I found myself an answer here... codex.wordpress/Brute_Force_Attacks – Sam Provides Commented Apr 28, 2016 at 12:12
3 Answers

In addition to using htaccess, you can disable the XML-RPC function by adding the following to your child theme's functions.php:

# Set XML-RPC features to false
add_filter( 'xmlrpc_enabled', '__return_false' );
add_filter( 'pre_option_enable_xmlrpc', '__return_zero' );

Try pasting this in your .htaccess file:

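<IfModule mod_rewrite.c>
RewriteEngine on
# Only POST requests are checked
RewriteCond %{REQUEST_METHOD} POST
# ...whose Referer does not point at this site (http or https)
RewriteCond %{HTTP_REFERER} !^https?://(.*)?example\.com [NC]
# ...and that target wp-login.php or wp-admin
RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$
# Answer those requests with 403 Forbidden
RewriteRule ^(.*)$ - [R=403,L]
</IfModule>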

Replace example with your domain name.

Actually, I advise you to use a protection plugin, like iThemes Security. It has an excellent feature: it hides wp-login.php, and instead you can set a custom URL for login (and hackers can't find that URL, of course, if you won't reveal that link on the internet).
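To check from the access log whether POSTs to wp-login.php and xmlrpc.php are being answered with 403 or are still reaching WordPress, the following added example (not code from any of the answers above) tallies them per client IP. It assumes Apache's "combined" log format; the sample lines, the threshold, and the names summarize and SAMPLE_LOG are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache "combined" format: ip ident user [time] "request" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*"$'
)
TARGETS = ("/wp-login.php", "/xmlrpc.php")

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [28/Apr/2016:12:00:01 +0000] "POST /wp-login.php HTTP/1.1" 403 199 "-" "bot"
203.0.113.7 - - [28/Apr/2016:12:00:02 +0000] "POST /wp-login.php HTTP/1.1" 403 199 "-" "bot"
203.0.113.7 - - [28/Apr/2016:12:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "bot"
198.51.100.20 - - [28/Apr/2016:12:01:10 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "http://example.com/wp-login.php" "Mozilla/5.0"
192.0.2.50 - - [28/Apr/2016:12:02:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2710 "-" "Mozilla/5.0"
198.51.100.99 - - [28/Apr/2016:12:03:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "bot"
198.51.100.99 - - [28/Apr/2016:12:03:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "bot"
198.51.100.99 - - [28/Apr/2016:12:03:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "bot"
"""

def summarize(log_text, threshold=3):
    """Per-IP tally of POSTs to TARGETS: attempts, blocked (403), reached_wp, flagged."""
    stats = defaultdict(lambda: {"attempts": 0, "blocked": 0, "reached_wp": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "POST":
            continue                      # unparsable line or not a POST
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if not path.endswith(TARGETS):
            continue
        s = stats[m["ip"]]
        s["attempts"] += 1
        if m["status"] == "403":
            s["blocked"] += 1             # stopped by the web server
        else:
            s["reached_wp"] += 1          # handled by WordPress itself
    # flagged: the client made at least `threshold` POSTs to the targets
    return {ip: dict(s, flagged=s["attempts"] >= threshold) for ip, s in stats.items()}

if __name__ == "__main__":
    for ip, s in sorted(summarize(SAMPLE_LOG).items()):
        print(ip, s)
```

A flagged IP with a non-zero reached_wp count means the block for that file is not in effect for those requests.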
