htaccess & wordpress

Hello,

I know it is not a hosting specific question, but maybe somebody can help me anyway.

I am protecting my wp-login.php with an htaccess user+pass. I want to combine it with buddypress where users can also register and log in to post some stuff. How can I combine this without intersecting it?

Comments

  • Harambe (Member, Host Rep)

    I don't think that's doable... on sites where I can't lock down wp-login with IP access restrictions I just rate limit requests to wp-login.php and set up fail2ban.

    Thanked by 1 lustix
  • Harambe said: I just rate limit requests to wp-login.php and set up fail2ban

    I also do this and it works well.

    Side note: Also deny xmlrpc.php if you don't have a specific use for it.

    Thanked by 1 lustix
  • Okay, it seems like I have no other option. Thank you guys..

    @JustAMacUser said:

    Harambe said: I just rate limit requests to wp-login.php and set up fail2ban

    I also do this and it works well.

    Side note: Also deny xmlrpc.php if you don't have a specific use for it.

    The php file delivers: XML-RPC server accepts POST requests only.

    Should I somehow protect or delete it?

  • It's an entry point for a variety of attacks. If you don't need it, just block it with Nginx or Apache directives. If you delete the file it may just be recreated during an update or you might have to re-install it if you want to use it. Blocking at the web server is good. That, along with rate-limiting wp-login.php, is a good start.
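
The replies above rely on counting requests to wp-login.php and banning a source once it passes a threshold, which is what fail2ban's maxretry and findtime settings express. The following is an added example, not code from anyone in the thread: a Python sketch of that counting logic run over constructed access-log lines. The function name, thresholds, sample addresses and the assumption that the log is in time order and combined format are all illustrative.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined log format: ip - user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)'
)
WATCHED = ("/wp-login.php", "/xmlrpc.php")  # endpoints named in the thread


def find_offenders(lines, max_retry=5, find_time=timedelta(minutes=10)):
    """Map each IP to the time it reached max_retry POSTs within find_time."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    offenders = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue              # GETs only render the form; POSTs are attempts
        if not m["path"].split("?", 1)[0].endswith(WATCHED):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > find_time:
            window.popleft()      # drop attempts older than the window
        if len(window) >= max_retry:
            offenders.setdefault(m["ip"], ts)
    return offenders


def _line(ip, hms, method, path, status):
    # Builds one constructed log line; addresses are documentation ranges.
    return (f'{ip} - - [12/Mar/2024:{hms} +0000] "{method} {path} HTTP/1.1" '
            f'{status} 512 "-" "constructed-sample"')


SAMPLE_LOG = (
    [_line("203.0.113.7", f"10:00:{s:02d}", "POST", "/wp-login.php", 200)
     for s in range(0, 12, 2)]                      # 6 POSTs in 10 seconds
    + [_line("198.51.100.20", "10:01:00", "POST", "/wp-login.php", 302),
       _line("198.51.100.20", "10:05:00", "GET", "/wp-login.php", 200),
       _line("192.0.2.44", "10:02:00", "POST", "/xmlrpc.php", 200),
       _line("192.0.2.44", "10:30:00", "POST", "/xmlrpc.php", 200)]
)

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG).items():
        print(f"ban candidate {ip}: threshold reached at {when.isoformat()}")
```

The sketch counts every POST regardless of status code, so a busy BuddyPress site with many legitimate logins behind one shared address needs a higher threshold than a single-author blog.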
