Thread Starter
mrppp
(@mrppp)
maybe not 403 Forbidden Error Page on logout
maybe this remove the ip address seems to work
# Protect wp-login.php from Brute Force Login Attacks based on Server Protocol
# All legitimate humans and bots should be using Server Protocol HTTP/1.1
RewriteCond %{REQUEST_URI} ^/wp-login\.php$
RewriteCond %{THE_REQUEST} HTTP/1\.0
RewriteRule ^(.*)$ - [F,L]
Plugin Author
AITpro
(@aitpro)
Source: http://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/
# Add your Public IP Address using 2 or 3 octets so that if/when
# your IP address changes it will still be in your subnet range. If you
# have a static IP address then use all 4 octets.
# Examples: 2 octets: 65.100. 3 octets: 65.100.50. 4 octets: 65.100.50.1
Allow from 65.100.50.
Thread Starter
mrppp
(@mrppp)
So use
```
# Protect wp-login.php from Brute Force Login Attacks based on Server Protocol or IP
# All legitimate humans and bots should be using Server Protocol HTTP/1.1
RewriteCond %{REQUEST_URI} ^/wp-login\.php$
RewriteCond %{THE_REQUEST} HTTP/1\.0 [OR]
RewriteCond %{REMOTE_ADDR} !^xxx\.xxx\.xxx\.$
RewriteRule ^(.*)$ - [F,L]
```
and this bit
```
RewriteCond %{REMOTE_ADDR} !^xxx\.xxx\.xxx\.$
```
as you mention above use two octets
Thread Starter
mrppp
(@mrppp)
# Protect wp-login.php from Brute Force Login Attacks based on IP Address
<FilesMatch "^(wp-login\.php)">
Order Allow,Deny
# Add your website domain name
Allow from example.com
# Add your website/Server IP Address
Allow from 69.200.95.1
# Add your Public IP Address using 2 or 3 octets so that if/when
# your IP address changes it will still be in your subnet range. If you
# have a static IP address then use all 4 octets.
# Examples: 2 octets: 65.100. 3 octets: 65.100.50. 4 octets: 65.100.50.1
Allow from 65.100.50.
</FilesMatch>
Plugin Author
AITpro
(@aitpro)
You can use the original code you posted and then use either 2 or 3 octets depending on how many octets your ISP dynamically changes in your IP address. Usually you can use 3 octets and the 4th octet is the only thing that changes.
Thread Starter
mrppp
(@mrppp)
this gave a 403 error
# Protect wp-login.php from Brute Force Login Attacks based on Server Protocol or IP
# All legitimate humans and bots should be using Server Protocol HTTP/1.1
RewriteCond %{REQUEST_URI} ^/wp-login\.php$
RewriteCond %{THE_REQUEST} HTTP/1\.0 [OR]
RewriteCond %{REMOTE_ADDR} !^xxx\.xxx\.xxx\.$
RewriteRule ^(.*)$ - [F,L]
but this was ok
# Protect wp-login.php from Brute Force Login Attacks based on Server Protocol or IP
# All legitimate humans and bots should be using Server Protocol HTTP/1.1
RewriteCond %{REQUEST_URI} ^/wp-login\.php$
RewriteCond %{THE_REQUEST} HTTP/1\.0 [OR]
RewriteRule ^(.*)$ - [F,L]
Is the latter what you refer to as Server Protocol based Brute Force Login Protection code?
Plugin Author
AITpro
(@aitpro)
Did you add your IP address?
Plugin Author
AITpro
(@aitpro)
This is the code we use on several testing websites. You do not even need to use the Server Protocol condition if you are blocking by IP address since only your IP address range is allowed to access the Login page.
# Protect wp-login.php from Brute Force Login Attacks
<FilesMatch "^(wp-login\.php)">
Order Allow,Deny
# Add your Domain
Allow from ait-pro.com
# Add your Server/Website IP Address
Allow from 173.201.92.1
# Add your Public/ISP IP Address
Allow from x.x.x.
</FilesMatch>
Thread Starter
mrppp
(@mrppp)
Thanks, so Allow from 173.201.92.1 is my server IP (IP obviously different)
and this Allow from x.x.x. is my IP with two or three octets,
say e.g.
Allow from 31.53.
Plugin Author
AITpro
(@aitpro)
Yes, that is our Server/Website IP address. Add your Server/Website IP address instead. You will find that on the BPS System Info page.
Yes, that is 2 octets.
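How the conditions posted in this thread evaluate, as an added example (not code from either poster or from the plugin): the function names, the sample addresses and the use of the page's 65.100.50. example in place of the xxx placeholders are assumptions. It models the RewriteCond chain as URI AND (HTTP/1.0 OR address condition) and shows that a three-octet pattern ending in `$` can never match a full IPv4 address, so the negated condition is always true and every request to wp-login.php is answered with 403.

```python
import re

def cond_matches(pattern, value):
    """One RewriteCond: unanchored regex search; a leading '!' negates it."""
    negate = pattern.startswith("!")
    hit = re.search(pattern[1:] if negate else pattern, value) is not None
    return hit != negate

def login_forbidden(uri, request_line, remote_addr, addr_pattern):
    """True when the thread's rule would answer 403 ([F]).

    Conditions combine as: URI AND (HTTP/1.0 [OR] address condition).
    """
    if not cond_matches(r"^/wp-login\.php$", uri):
        return False
    return (cond_matches(r"HTTP/1\.0", request_line)
            or cond_matches(addr_pattern, remote_addr))

def allow_from(prefix, remote_addr):
    """Model of 'Allow from 65.100.50.': compare whole leading octets."""
    want = prefix.rstrip(".").split(".")
    return remote_addr.split(".")[:len(want)] == want

# Constructed patterns: the page's 65.100.50. example in place of xxx.xxx.xxx.
ANCHORED = r"!^65\.100\.50\.$"   # shape posted in the thread, with the trailing $
PREFIX = r"!^65\.100\.50\."      # same pattern without the end anchor

# Constructed sample requests: (label, request line, client address)
SAMPLES = [
    ("owner, HTTP/1.1", "POST /wp-login.php HTTP/1.1", "65.100.50.23"),
    ("owner, HTTP/1.0", "POST /wp-login.php HTTP/1.0", "65.100.50.23"),
    ("other, HTTP/1.1", "POST /wp-login.php HTTP/1.1", "203.0.113.9"),
]

if __name__ == "__main__":
    for label, line, addr in SAMPLES:
        print(label,
              "| with $:", login_forbidden("/wp-login.php", line, addr, ANCHORED),
              "| prefix:", login_forbidden("/wp-login.php", line, addr, PREFIX),
              "| Allow from 65.100.50.:", allow_from("65.100.50.", addr))
```

With the end anchor removed, only HTTP/1.0 requests and addresses outside the listed range are refused, which matches what the `Allow from` prefix form does for the address check.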