Hello David, this is the content on .htaccess # BEGIN WordPress <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{REQUEST_METHOD} POST RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC] RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR] RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$ RewriteRule ^(.*)$ - [R=403,L] RewriteBase / RewriteRule ^index\.php$ - [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule . /index.php [L] </IfModule>
<FilesMatch wp-login.php> Order Deny,Allow Deny from all Allow from 192.169.8.4 </FilesMatch> # END WordPress but no success! On Wed, Jun 12, 2013 at 8:43 AM, David Guerra <imdavidgue...@gmail.com>wrote: > Flop Allow and Deny so that your IP is whitelisted after the Deny from all. > > > > On Wed, Jun 12, 2013 at 11:20 AM, motty cruz <motty.c...@gmail.com> wrote: > >> Hello, >> I am trying to block a directory from being access except my IP but I had >> being unsuccessful in doing so, please help: First I place this in >> httpd.conf >> >> <Directory "/usr/local/www/apache22/data"> >> Options Indexes FollowSymLinks >> Options ALL -Indexes >> IndexIgnore * >> AllowOverride None >> Order allow,deny >> Allow from all >> RewriteEngine On >> RewriteBase / >> RewriteCond %{REQUEST_METHOD} POST >> RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC] >> RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR] >> RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$ >> RewriteRule ^(.*)$ - [R=403,L] >> RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR] >> RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] >> RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR] >> RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] >> RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) >> RewriteRule ^(.*)$ index_error.php [F,L] >> RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) >> RewriteRule .* - [F] >> RewriteRule ^my-admin$ wp-login.php [L,NC,QSA] >> RewriteCond %{REQUEST_FILENAME} !-f >> RewriteCond %{REQUEST_FILENAME} !-d >> RewriteRule . /index.php [L] >> </Directory> >> >> I also tried this : on the / directory .htaccess >> <FilesMatch wp-login.php> >> Order Allow,Deny >> Allow from 192.168.8.4 >> Deny from all >> </FilesMatch> >> >> Is the wp-admin or wp-login.php script that I'm trying to protect from >> brute force attacks, >> >> Thanks, >> Motty >> > >