Protejare bruteforce WP .htaccess

gogusan · June 5, 2014

Un tutorial adresat incepatorilor si nu numai.

Avem un caz de bruteforce attack pe un wordpress.

Vom proteja directorul wp-admin utilizand .htaccess din acesta:

AuthType Basic
AuthName “PROTECTED”
AuthUserFile /calea/catre/.htpasswd
require valid-user

Pentru ca multe pluginuri folosesc un fisier ce se afla in directorul wp-admin si anume admin-ajax.php va trebui sa dam access la fisierul asta.

Vom adauga sub codul de mai sus:

<Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any
</Files>

.htaccess final (din directorul wp-admin)


#protejam wp-admin
AuthType Basic
AuthName “PROTECTED”
AuthUserFile /calea/catre/.htpasswd
require valid-user

#dam acces la ajax
<Files admin-ajax.php>
    Order allow,deny
    Allow from all
    Satisfy any
</Files>

Sign In

Protejare bruteforce WP .htaccess

Recommended Posts

gogusan

Join the conversation

Browse

Activity

Pages