[resolved] two factor authorization (1 post)

  1. deko
    Posted 5 years ago #

    Since there are a limited number of contributors to my blog I've screened access to wp-login.php with the below code.

    I've password-protected the admin directory and put a link to wp-login.php on a page in that directory.

    I know... a referrer is easily spoofed. but it should keep scripted attempts at bay.

    // Redirect if not referred by internal page
    if (isset($_SERVER['HTTP_REFERER']))
    	$ref = $_SERVER['HTTP_REFERER'];
    if ($ref != "http://www.myblog.org/admin/sitestats.php")

    suggestions for improvement?

Topic Closed

This topic has been closed to new replies.

About this Topic