Did you replace the example Server/website IP address with your actual Server/website IP address?
Did you replace the example Public IP address with 3 octets of your actual Public IP address?
Did you replace example.com with your actual domain name?
I just realised I had to change the xxx to my IP now that you mentioned the IP address 🙁
I only just copied and pasted the code over and saved as requested.
My public IP is showing 4 octets rather than 3.
Replace the xxx below with my local IP?
RewriteCond %{REMOTE_ADDR} !^xxx\.xxx\.xxx\.$
Where goes the server IP?
HTTP/1\.0 [OR]?
This is the code I used, and there is no example.com written there:
# Protect wp-login.php from Brute Force Login Attacks based on Server Protocol or IP
# All legitimate humans and bots should be using Server Protocol HTTP/1.1
RewriteCond %{REQUEST_URI} ^/wp-login\.php$
RewriteCond %{THE_REQUEST} HTTP/1\.0 [OR]
RewriteCond %{REMOTE_ADDR} !^xxx\.xxx\.xxx\.$
RewriteRule ^(.*)$ – [F,L]
Yep, I thought it might be something like that. 😉 Since you have already disabled registrations then no need to add this code since no one can register to your site anyway. In other words, you’re already good to go so no need to add that code. 😉
Finally, I have done it now with the very first code at the top of the page.
It works fine as I have logged in and out through admin 🙂
Thanks for your time, it has been a very, very long day!
Wow 03.58 am! I haven’t slept and I will be going to work in a few hours.
Anyway, all done now!
It’s worth it. 🙂
Way to go! And get some shut eye. 😉
Thread Starter
Zaek
(@zaek)
In the section:
“CUSTOM CODE WP REWRITE LOOP START: Add www to non-www/non-www to www code here – You MUST copy and paste the entire WP REWRITE LOOP START section of code from your root .htaccess file into this text box first. You can then edit and modify the code in this text window and save your changes.”
This is where I put the better wp security re-write code. And above it I pasted this code:
(did not work,goes to super wp cache plugin dir)
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
So that I can get the white page of emptyness non-www to redirect to the correct www. Any suggestions for the correct use of code here?
Thread Starter
Zaek
(@zaek)
Actually, its working now with this code:
RewriteCond %{HTTP_HOST} !^(.*)\.entertxt\.com$ [NC]
RewriteRule ^(.*)$ http://www.entertxt.com/$1 [R=301,L]
and after I deleted cached pages from wp super cache.
I guess I rejoiced too soon.
For the past 2 hours I have been trying to login to my site through wp-admin but access denied.
I tried to amend as suggested through my server ftp manager, but not allowed to save changes to .htaccess files 🙁
I was able to login and out early this morning, but now, its not been possible.
What is the way out please help?
Thank you in advance.
FTP to your website and download the root .htaccess file and remove the IP address blocking code from your root .htaccess file. Upload the root .htaccess file back to your website. Some ISP’s change the 3rd octect in your Public IP address. That leaves you with either using only 2 octets of your Public IP address or just remove the IP based code altogether if your ISP is also changing the second octet of your Public IP address frequently.
3 octets: 99.88.77.
2 octets: 99.88.
Also if you are accessing your website from different locations with different IP addresses then you would need to add those additional IP addresses.
Allow from 99.88.77.
Allow from 66.55.44.
Allow from 33.22.11.
etc
I am accessing from the server file manager and it won’t let me save after deleting the code (permission denied).
Does it have to be ftp transfer?
I am still using the same IP address – location, computer as I did last night. So IP is still the same.
Nope your ISP will change your IP address frequently so it will not be the same 4 octet IP address consistently. It may be the same 3 octect IP address or it may not if your ISP changes the 3rd octet regularly. It may be the same 2 octet IP address or it may not if your ISP changes the 2nd octet regularly. This dynamic IP address assignment (DHCP) is a standard procedure done by all ISP’s (your Internet Service Provider).
Delete the root .htaccess file and log back into your website. Then activate Root folder BulletProof Mode again.
Well, I managed to reset the permission on the htaccess file and I have now deleted the code.
I’m now able to login to my website 🙂
What a pain, considering this has been going on since yesterday.
Both root and wp folders mode are now activated.
I guess I won’t have to use the code again if it is going to be playing up this way.
I have lost 3 hours of work time today 🙁
To hell with these HACKERS!
The code worked on them though, instead, I had spam mails rather than spam subscribers.
Thanks for helping out once again 🙂
Yep, this code is not for everyone. If your particular ISP changes the 3rd octet frequently then the Forum link that was posted above advises you not to use this code. 😉
