WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] two factor authorization (1 post)

  1. deko
    Member
    Posted 3 years ago #

    Since there are a limited number of contributors to my blog I've screened access to wp-login.php with the below code.

    I've password-protected the admin directory and put a link to wp-login.php on a page in that directory.

    I know... a referrer is easily spoofed. but it should keep scripted attempts at bay.

    // Redirect if not referred by internal page
    if (isset($_SERVER['HTTP_REFERER']))
    {
    	$ref = $_SERVER['HTTP_REFERER'];
    }
    if ($ref != "http://www.myblog.org/admin/sitestats.php")
    {
    	wp_redirect('http://www.myblog.org');
    }

    suggestions for improvement?

Topic Closed

This topic has been closed to new replies.

About this Topic