AWS S3 bucket webhosted using Github Action
Github Action for deployment of Static-website to AWS S3 Bucket
Everything you need to know about ...
This instruction will guide you through hiding wp-admin login page from Bruteforce 1 attackers.
404 error file:
Place these line of code in 404 error page. So when the attacker try to attempts to load wp-admin page. The page will load to error page which can display the ip address.
This is because, attacker IP address is blocked from root .htaccess file.
Now let’s jump to .htaccess file how this is setup.
<?php
$ip = $_SERVER['HTTP_CLIENT_IP']?$_SERVER['HTTP_CLIENT_IP']:($_SERVER['HTTP_X_FORWARDED_FOR']?$_SERVER['HTTP_X_FORWARDED_FOR']:$_SERVER['REMOTE_ADDR']);
echo $ip;
?>
Open .htaccss
file and add the code lines.
#
order allow,deny
allow from 255.0.0.0
deny from 123.45.6.
allow from all
allowed access (Replace with your IP Address)
disabled IP address starting first three decimal 123.45.6.
rest of others can access
Rewrite Engine
: Add the codes to your htaccess file and repace the IP address !^103\.63\.25\.52
with your IP address.
#Only allow wp-login from this ip address
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^103\.63\.25\.52$
RewriteRule ^(.*)$ - [R=403,L]
</IfModule>
REQUEST_URI
for wp-admin and wp-login are only given permission to IP address 103.63.25.52
only.#Only allow wp-login from this ip address
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^103\.63\.25\.52$
RewriteCond %{REMOTE_ADDR} !^103\.63\.25\.35$
RewriteRule ^(.*)$ - [R=403,L]
</IfModule>
Now access to wp-admin is only given to 103.63.25.52
and 103.63.25.35
.