Title: Dahu73's Replies | WordPress.org
---
# Dahu73
[ ](https://wordpress.org/support/users/dahu73/)
* [Profile](https://wordpress.org/support/users/dahu73/)
* [Topics Started](https://wordpress.org/support/users/dahu73/topics/)
* [Replies Created](https://wordpress.org/support/users/dahu73/replies/)
* [Reviews Written](https://wordpress.org/support/users/dahu73/reviews/)
* [Topics Replied To](https://wordpress.org/support/users/dahu73/replied-to/)
* [Engagements](https://wordpress.org/support/users/dahu73/engagements/)
* [Favorites](https://wordpress.org/support/users/dahu73/favorites/)
Search replies:
## Forum Replies Created
Viewing 4 replies - 1 through 4 (of 4 total)
* Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
In
reply to: [[Kadence Security – Password, Two Factor Authentication, and Brute Force Protection] wp-login](https://wordpress.org/support/topic/wp-login-13/)
* Thread Starter [Dahu73](https://wordpress.org/support/users/dahu73/)
* (@dahu73)
* [11 years, 3 months ago](https://wordpress.org/support/topic/wp-login-13/#post-5696046)
* oups
* Can I add a rule like this ?
* RewriteRule ^(/actualite/)?wp-login?$ /actualite/
* Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
In
reply to: [[Kadence Security – Password, Two Factor Authentication, and Brute Force Protection] wp-login](https://wordpress.org/support/topic/wp-login-13/)
* Thread Starter [Dahu73](https://wordpress.org/support/users/dahu73/)
* (@dahu73)
* [11 years, 3 months ago](https://wordpress.org/support/topic/wp-login-13/#post-5696045)
* dwinden,
* [https://www.domain.com/actualite/tagadac](https://www.domain.com/actualite/tagadac)
work fine
so SSL is well enabled, and the slug work fine.
* I have no rewrite rule in my apache SSL conf about wp-login.
* My only pb is
[https://www.domain.com/actualite/wp-login](https://www.domain.com/actualite/wp-login)
or [https://www.domain.com/actualite/wp-login/](https://www.domain.com/actualite/wp-login/)
* don’t redirect to
[https://www.domain.com/actualite/tagadac](https://www.domain.com/actualite/tagadac)
* Can I add a rule like this ?
* RewriteRule ^(/actualite/)?wp-login?$ /actualite/tagadac
* Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
In
reply to: [[Kadence Security – Password, Two Factor Authentication, and Brute Force Protection] wp-login](https://wordpress.org/support/topic/wp-login-13/)
* Thread Starter [Dahu73](https://wordpress.org/support/users/dahu73/)
* (@dahu73)
* [11 years, 3 months ago](https://wordpress.org/support/topic/wp-login-13/#post-5696042)
* Thanks for your response.
I give you my htaccess file below :
* ```
# BEGIN iThemes Security
# BEGIN Hide Backend
# Rules to hide the dashboard
RewriteRule ^(/actualite/)?tagadac/?$ /actualite/wp-login.php [QSA,L]
# END Hide Backend
# BEGIN Tweaks
# Rules to block access to WordPress specific files
Order allow,deny
Deny from all
Order allow,deny
Deny from all
Order allow,deny
Deny from all
Order allow,deny
Deny from all
Order allow,deny
Deny from all
# Rules to disable XML-RPC
Order allow,deny
Deny from all
# Rules to disable directory browsing
Options -Indexes
RewriteEngine On
# Rules to protect wp-includes
RewriteRule ^wp-admin/includes/ - [F]
RewriteRule !^wp-includes/ - [S=3]
RewriteCond %{SCRIPT_FILENAME} !^(.*)wp-includes/ms-files.php
RewriteRule ^wp-includes/[^/]+\.php$ - [F]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
RewriteRule ^wp-includes/theme-compat/ - [F]
# Rules to prevent php execution in uploads
RewriteRule ^(.*)/uploads/(.*).php(.?) - [F]
# Rules to block unneeded HTTP methods
RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]
RewriteRule ^(.*)$ - [F]
# Rules to block suspicious URIs
RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
RewriteCond %{QUERY_STRING} ^.*\.(bash|git|hg|log|svn|swp|cvs) [NC,OR]
RewriteCond %{QUERY_STRING} etc/passwd [NC,OR]
RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
RewriteCond %{QUERY_STRING} http\: [NC,OR]
RewriteCond %{QUERY_STRING} https\: [NC,OR]
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(127\.0).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
RewriteCond %{QUERY_STRING} ^.*(request|concat|insert|union|declare).* [NC]
RewriteCond %{QUERY_STRING} !^loggedout=true
RewriteCond %{QUERY_STRING} !^action=jetpack-sso
RewriteCond %{QUERY_STRING} !^action=rp
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
RewriteCond %{HTTP_REFERER} !^http://maps\.googleapis\.com(.*)$
RewriteRule ^(.*)$ - [F]
# END Tweaks
# END iThemes Security
# BEGIN WordPress
RewriteEngine On
RewriteBase /actualite/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /actualite/index.php [L]
# END WordPress
```
* Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
In
reply to: [[Kadence Security – Password, Two Factor Authentication, and Brute Force Protection] wp-login](https://wordpress.org/support/topic/wp-login-13/)
* Thread Starter [Dahu73](https://wordpress.org/support/users/dahu73/)
* (@dahu73)
* [11 years, 3 months ago](https://wordpress.org/support/topic/wp-login-13/#post-5696017)
* Hi,
* Thanks for your help. I give you some response below
* >> Are you referring to /wp-login or /wp-login.php ?
[https://www.domain.com/wp-login](https://www.domain.com/wp-login)
[https://www.domain.com/wp-login/](https://www.domain.com/wp-login/) this 2 URL
still allows access to the WP login screen
* but it work for :
[https://www.domain.com/wp-login.php](https://www.domain.com/wp-login.php)
=> produce a 404
* >>make sure the “Enable the hide backend feature” checkbox is ticked
It’s ok
* >> Are you using any caching plugin ?
No. I’m on a preprod server
* >> Have you already tried clearing the browser cache ?
Yes. Local cache is clear.
* >> Also confirm you are using iTSec 4.5.10 (or higher) in WP 4.1
Version 4.6.2
in WP 4.1
* >>If possible please provide me with your URL.
Sorry. Not possible : not accessible
form external
Viewing 4 replies - 1 through 4 (of 4 total)