WordPress Hardening

There are a few ways to secure your WordPress installation a bit better. If you have a fixed IP address, you can redirect every other visitor who tries to call the login, the registration, XML-RPC or the config file directly back to the start page. Just add this code at the end of the .htaccess file in your root directory. Of course you should replace “1.1.1.1” with your own IP address.

A leading hash (#) comments out an individual statement, as with the wp-cron.php line below. The IP 127.0.0.1 is that of your own server; it is intentionally left unblocked here.

<If "%{REMOTE_ADDR} != '127.0.0.1' && %{REMOTE_ADDR} != '1.1.1.1'">
Redirect /xmlrpc.php https://www.lautenbacher.io
#Redirect /wp-cron.php https://www.lautenbacher.io
Redirect /wp-config.php https://www.lautenbacher.io
Redirect /wp-login.php https://www.lautenbacher.io
Redirect /wp-signup.php https://www.lautenbacher.io
</If>

You can secure your admin area via .htaccess with an extra password, or you can use the same principle as above in a slightly different form. To do this, create a new .htaccess file in the wp-admin directory and enter:

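# Apache 2.4 form of "order deny,allow / deny from all / allow from 1.1.1.1";
# the older directives only work when mod_access_compat is loaded.
Require ip 1.1.1.1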
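
To confirm that the rules actually take effect, the following script (an added example, not code from the original post) requests each protected path from a host that is not on the allowlist and checks for a redirect to the start page or, for wp-admin, a 403 or a password prompt. The function names and the two URLs passed on the command line are assumptions, and curl must be installed.

```sh
#!/bin/sh
# Added example, not from the original post. Run it from a host whose IP is
# NOT on the allowlist; the site URL and start page URL are passed as arguments.

REDIRECTED="/xmlrpc.php /wp-config.php /wp-login.php /wp-signup.php"

# verdict EXPECT STATUS LOCATION START -> prints "PASS ..." or "FAIL ..."
#   EXPECT=redirect  : must be a 3xx pointing exactly at START
#   EXPECT=forbidden : must be 403 (IP rule) or 401 (extra password)
verdict() {
  v_expect=$1 v_status=$2 v_loc=${3%/} v_start=${4%/}
  case "$v_expect:$v_status" in
    redirect:30[12378])
      if [ "$v_loc" = "$v_start" ]; then echo "PASS redirected to start page"
      else echo "FAIL redirected elsewhere: $3"; fi ;;
    forbidden:403) echo "PASS access denied" ;;
    forbidden:401) echo "PASS password required" ;;
    *:000)         echo "FAIL no HTTP response" ;;
    *)             echo "FAIL got HTTP $v_status, expected $v_expect" ;;
  esac
}

# probe BASE PATH -> prints "STATUS LOCATION" without following the redirect.
probe() {
  curl -s -o /dev/null --max-time 10 -w '%{http_code} %{redirect_url}' "$1$2"
}

# check_site BASE START -> one line per path; returns 1 if any check failed.
check_site() {
  cs_rc=0
  for cs_path in $REDIRECTED /wp-admin/; do
    case "$cs_path" in /wp-admin/) cs_expect=forbidden ;; *) cs_expect=redirect ;; esac
    cs_out=$(probe "$1" "$cs_path") || true
    cs_res=$(verdict "$cs_expect" "${cs_out%% *}" "${cs_out#* }" "$2")
    printf '%-16s %s\n' "$cs_path" "$cs_res"
    case "$cs_res" in FAIL*) cs_rc=1 ;; esac
  done
  return "$cs_rc"
}

# Usage: sh check.sh https://your-site.example https://your-site.example
if [ "$#" -eq 2 ]; then check_site "$1" "$2"; fi
```

A FAIL on /wp-login.php or /wp-admin/ when run from the allowlisted address is expected, since that address is meant to get through.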
