Hello,
I am trying to lock out wp-admin.php to all but a whitelist of ip addresses.
<Files wp-login.php>
require ip www.xxx.yyy.zzz
</Files>
This is ubuntu 16.04 LTS running apache 2.4.18, and php-fpm.
The "require ip www.xxx.yyy.zzz” all by itself blocks access for everyone
except for the ip address, so THAT part works.
Browser’s tested:
firefox with cache disabler enabled
chrome with cache killer enabled
Systems used to test:
one macbook air connected via my cell phone tether (verified not using
the same ip)
one macbook pro connected via my wifi (and connecting via the listed ip
address)
Here are the conditions I have tested:
I have tried this in both my virtualhost configuration as well as my .htaccess
file:
I have tried this with and without quotes around “wp-login.php”
I have tried this using FilesMatch "^/wp-login.php.*”
Its as if it’s A) completely ignoring the Files directive, or B) somehow the
filename doesn’t match.
What’s going on?
—jason
Jason Brooks Systems Administrator
eROI Performance is Art.
m: 505 nw couch #300 w: eroi.com <http://eroi.com/>
t: 503.290.3105 f: 503.228.4249
fb: fb.com/eROI <http://www.facebook.com/eROI>
