192.168.9.43 - - [12/Jun/2013:09:05:23 -0700] "GET /wp-login.php HTTP/1.1" 200 1085
I am still able to get access from a different IP than the one allow in .htaccess as you suggest: <Files wp-login.php> order deny,allow Deny from all allow from 192.168.8.4 </Files> On Wed, Jun 12, 2013 at 9:01 AM, David Guerra <imdavidgue...@gmail.com>wrote: > Try this format: > > <Files wp-login.php> > order deny,allow > Deny from all > allow from xx.xxx.xx.xx > allow from xx.xxx.xx.xx > </Files> > > > > On Wed, Jun 12, 2013 at 11:52 AM, motty cruz <motty.c...@gmail.com> wrote: > >> Hello David, >> >> this is the content on .htaccess >> # BEGIN WordPress >> <IfModule mod_rewrite.c> >> RewriteEngine On >> RewriteCond %{REQUEST_METHOD} POST >> RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC] >> RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR] >> RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$ >> RewriteRule ^(.*)$ - [R=403,L] >> RewriteBase / >> RewriteRule ^index\.php$ - [L] >> RewriteCond %{REQUEST_FILENAME} !-f >> RewriteCond %{REQUEST_FILENAME} !-d >> RewriteRule . /index.php [L] >> </IfModule> >> >> <FilesMatch wp-login.php> >> Order Deny,Allow >> Deny from all >> Allow from 192.169.8.4 >> </FilesMatch> >> >> # END WordPress >> >> but no success! >> >> >> >> On Wed, Jun 12, 2013 at 8:43 AM, David Guerra <imdavidgue...@gmail.com>wrote: >> >>> Flop Allow and Deny so that your IP is whitelisted after the Deny from >>> all. >>> >>> >>> >>> On Wed, Jun 12, 2013 at 11:20 AM, motty cruz <motty.c...@gmail.com>wrote: >>> >>>> Hello, >>>> I am trying to block a directory from being access except my IP but I >>>> had being unsuccessful in doing so, please help: First I place this in >>>> httpd.conf >>>> >>>> <Directory "/usr/local/www/apache22/data"> >>>> Options Indexes FollowSymLinks >>>> Options ALL -Indexes >>>> IndexIgnore * >>>> AllowOverride None >>>> Order allow,deny >>>> Allow from all >>>> RewriteEngine On >>>> RewriteBase / >>>> RewriteCond %{REQUEST_METHOD} POST >>>> RewriteCond %{HTTP_REFERER} !^http://(.*)?mydomain\.com [NC] >>>> RewriteCond %{REQUEST_URI} ^/(.*)?wp-login\.php(.*)$ [OR] >>>> RewriteCond %{REQUEST_URI} ^/(.*)?wp-admin$ >>>> RewriteRule ^(.*)$ - [R=403,L] >>>> RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR] >>>> RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR] >>>> RewriteCond %{QUERY_STRING} (\<|%3C).*iframe.*(\>|%3E) [NC,OR] >>>> RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR] >>>> RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2}) >>>> RewriteRule ^(.*)$ index_error.php [F,L] >>>> RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK) >>>> RewriteRule .* - [F] >>>> RewriteRule ^my-admin$ wp-login.php [L,NC,QSA] >>>> RewriteCond %{REQUEST_FILENAME} !-f >>>> RewriteCond %{REQUEST_FILENAME} !-d >>>> RewriteRule . /index.php [L] >>>> </Directory> >>>> >>>> I also tried this : on the / directory .htaccess >>>> <FilesMatch wp-login.php> >>>> Order Allow,Deny >>>> Allow from 192.168.8.4 >>>> Deny from all >>>> </FilesMatch> >>>> >>>> Is the wp-admin or wp-login.php script that I'm trying to protect from >>>> brute force attacks, >>>> >>>> Thanks, >>>> Motty >>>> >>> >>> >> >