    litody (@litody) [Resolved]


    This is not for everyone but I think for the vast majority of people it should work exceptionally well.

    My method of protecting against hackers attempting to log in to our WordPress site is as follows:

    Firstly:
    in the root folder of your WordPress installation (the folder where you find wp-login.php) you should find a .htaccess file. Edit it (or create one if there isn’t one) and put the following lines in it:

    <FilesMatch "^wp-login\.php$">
        # Apache 2.2 style access control (Order/Deny/Allow); Apache comments must be on their own line
        Order deny,allow
        Deny from all
        # 123.123.123.123 is the IP number you want to give access to
        Allow from 123.123.123.123
        # On Apache 2.4 without mod_access_compat use instead:  Require ip 123.123.123.123
    </FilesMatch>

    you can add as many “allow from nnn.nnn.nnn.nnn” lines as you need for different IP numbers.
    This will stop everyone except those IP numbers from using your wp-login.php to get a login screen.

    Secondly:
    go into your wp-admin folder and create another .htaccess file and put the following lines in it:

    <Limit GET POST>
        # Only GET (and HEAD) and POST are covered by this <Limit> block; other methods are not restricted by it
        Order deny,allow
        Deny from all
        Allow from 123.123.123.123
        # 127.0.0.1 is only needed for a local test site
        Allow from 127.0.0.1
    </Limit>

    again you can put as many “allow from nnn.nnn.nnn.nnn” lines in as you need.
    This will stop everyone except those IP numbers from issuing a GET or POST on everything in your wp-admin folder and subfolders.

    the IP 127.0.0.1 is only required if you are running a test site on a local setup using localhost.

    The Pros:
    Highly effective and stops every hacker and robot in its tracks !!!
    You don’t need to mess with plugins.
    You don’t need to re-implement it every time you update the WordPress version, since the files don’t get overwritten (they are not part of the WordPress installation).

    The Cons:
    You must have access to your .htaccess file, i.e. an Apache or derivative web server.
    If you don’t have a static IP and are using a dynamic IP or a WiFi connection to get to wp-admin, then it may not be for you. However, you can usually find the IP range(s) that your ISP uses and put those in to get round the problem that your IP may change. You can use CIDR IP range format, so for example you can put:

    allow from nnn.nnn.0.0/16

    which limits access to a small range of known IPs from your ISP and shuts out the rest of the world.

    WiFi access away from the office or home is probably a non-starter for using this security methodology, since the IP could be anything. But from a home or office router WiFi it should work OK, I think.

    Where it works best is for limiting access to only a handful of known IP numbers, or an office where everyone is on the same external IP number.

    We have only two people who can use Admin: one in the office, which uses a dynamic IP so is set to the range that the ISP uses, and my own, which is a static IP.

    Hope this was / is the right place to post this and that some may find it useful.
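An added check (not from the post above) that parses the allow lines in such a .htaccess fragment, both the Apache 2.2 "Allow from" form used above and the Apache 2.4 "Require ip" form, and reports whether a given client IP would get through, so you can confirm your own address sits inside the ISP range before locking down wp-login.php. The sample .htaccess text and all IP addresses are constructed.

```python
import ipaddress
import re

# Constructed sample based on the post's first fragment, with one Apache 2.4
# "Require ip" line added so both syntaxes are exercised.
SAMPLE_HTACCESS = """
<FilesMatch "^wp-login\\.php$">
    Order deny,allow
    Deny from all
    Allow from 123.123.123.123
    Allow from 198.51.0.0/16
    Require ip 127.0.0.1
</FilesMatch>
"""

# Matches "Allow from <hosts>" (2.2) or "Require ip <hosts>" (2.4), case-insensitive.
ALLOW_RE = re.compile(r"^\s*(?:allow\s+from|require\s+ip)\s+(.+?)\s*$", re.IGNORECASE)


def parse_allowed_networks(htaccess_text):
    """Return the networks permitted by Allow from / Require ip lines."""
    networks = []
    for line in htaccess_text.splitlines():
        m = ALLOW_RE.match(line)
        if not m:
            continue
        for token in m.group(1).split():
            if token.lower() == "all":          # "Allow from all" opens it to everyone
                networks.append(ipaddress.ip_network("0.0.0.0/0"))
            else:
                # strict=False also accepts a single host or a range with host bits set
                networks.append(ipaddress.ip_network(token, strict=False))
    return networks


def is_allowed(client_ip, networks):
    """True if client_ip falls inside any allowed network, i.e. the request passes."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in networks)


def to_require_ip(networks):
    """Render the same allow list as a single Apache 2.4 'Require ip' directive."""
    return "Require ip " + " ".join(str(n) for n in networks)


if __name__ == "__main__":
    nets = parse_allowed_networks(SAMPLE_HTACCESS)
    for probe in ("123.123.123.123", "198.51.77.9", "203.0.113.5"):
        print(probe, "allowed" if is_allowed(probe, nets) else "blocked (403)")
    print(to_require_ip(nets))
```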

The topic ‘Login Security – a simple method’ is closed to new replies.