WordPress.org

Forums

[resolved] Block Ip's which hit certain landing page (4 posts)

  1. noroku
    Member
    Posted 11 months ago #

    I've done searches here "block ip for page" and couldn't quite find what I was looking for. I am using a plugin stack which redirects anyone who attempts to hit my login page to a custom 404 page separate of theme folder 404. All paths to access the login page are successfully redirected to the 404 page.

    Combined with that I have a two-step login which requires an authorization code. Combined with that.. if any user attemps to login with the wrong user name their IP is blocked. If they were to use the correct user name, after 3 failed attempts they are blocked.

    I would like to block any ip which hits my 404 redirect page. Any solutions someone would be so kind to share?

    I've been thinking of taking snippets from the code in the Login Lockdown plugin but I'd like some input first before I spent 3 or 4 days coding it myself. I have a little more than a basic knowledge of PHP.

    Thanks

  2. Altaf Hussain Patel
    Member
    Posted 11 months ago #

    http://kb.mediatemple.net/questions/1699/Block+a+specific+IP+address+from+accessing+your+website

    this post helps you and your code will be like this

    # allow all except those indicated here
    <Files *>
    order allow,deny
    allow from all
    deny from xxx.xxx.xxx.xxx
    deny from .*example\.com.*
    </Files>

    the one who go to your 404 page which is custom get the ip address of user using php and then append your .htaccess file with their ip address

  3. Daniel Cid
    Sucuri.net Support
    Posted 11 months ago #

    I love the level of paranoia there :)

    You can do that via .htaccess like Altaf said, or you can just add the IP address at the top of your .htaccess file with "deny from IP".

    However, I would recommend going into the other direction: You should block every IP address from visiting wp-login/wp-admin and only allowing the ones you trust.

    That way you don't need these complex steps and you increased your security posture by quite a bit. I give some examples about it here:

    http://blog.sucuri.net/2012/07/wordpress-and-server-hardening-taking-security-to-another-level.html

    thanks,

  4. noroku
    Member
    Posted 11 months ago #

    Thanks Altaf and Daniel!

    I was unsure of the logic behind ip blocking programatically. I'm a little new to the web realm.

    I would go the route of bocking every IP but my ISP using dynamic IP protocol. I will certainly block all IP's from wp-admin and wp-login once I can purchase a static IP from them.

    Thanks again!

Reply

You must log in to post.

About this Topic