This entry on the Internet Storm Center’s Handler’s Diary was about “Distributed WordPress admin account cracking” — scary stuff.
In the article they suggest limiting the addresses from which the admin can be accessed. If you’re using Apache, here’s one way using the <Location> directive:
<Location /wp-admin>
    Order Deny,Allow
    Deny from all
    Allow from example.com 10.211.34.83
</Location>

<Location /wp-login.php>
    Order Deny,Allow
    Deny from all
    Allow from example.com 10.211.34.83
</Location>
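The same restriction in Apache 2.4's authorization syntax, as an added example that is not from the original post: in 2.4 the Order/Deny/Allow directives above only work through mod_access_compat. The admin-ajax.php exemption at the end is an assumption, for sites whose public pages call that endpoint.

```apache
# Apache 2.4 (mod_authz_core + mod_authz_host).
# The address and hostname are the ones used in the post; substitute your own.

<Location "/wp-admin">
    <RequireAny>
        Require ip 10.211.34.83
        # Hostname rules are checked with a double reverse DNS lookup
        # on the client address, so they cost a lookup per request.
        Require host example.com
    </RequireAny>
</Location>

<Location "/wp-login.php">
    <RequireAny>
        Require ip 10.211.34.83
        Require host example.com
    </RequireAny>
</Location>

# Assumption: themes or plugins on the public site use admin-ajax.php.
# <Location> sections are merged in the order they appear, so this later,
# more specific section replaces the /wp-admin rule for this one URL.
# Leave it out if nothing on the front end needs it.
<Location "/wp-admin/admin-ajax.php">
    Require all granted
</Location>
```

After reloading, a request for /wp-login.php from an address that is not listed should return 403 Forbidden.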