Since there are a limited number of contributors to my blog I've screened access to wp-login.php with the below code.
I've password-protected the admin directory and put a link to wp-login.php on a page in that directory.
I know... a referrer is easily spoofed. but it should keep scripted attempts at bay.
// Redirect if not referred by internal page
if (isset($_SERVER['HTTP_REFERER']))
{
$ref = $_SERVER['HTTP_REFERER'];
}
if ($ref != "http://www.myblog.org/admin/sitestats.php")
{
wp_redirect('http://www.myblog.org');
}suggestions for improvement?
