New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
htaccess & wordpress
Hello,
I know it is not a hosting specific question, but maybe somebody can help me anyway.
I am protecting my wp-login.php with a htaccess user+pass. I want to combine it with buddypress where users can also register and login to post some stuff. How can I combine this without intersecting it?
Comments
I don't think that's doable.. on sites where I can't lock down wp-login with IP access restrictions I just rate limit requests to wp-login.php and setup fail2ban.
I also do this and it works well.
Side note: Also deny
xmlrpc.phpif you don't have a specific use for it.Okay, it seems like I have no other option. Thank you guys..
The php file delivers: XML-RPC server accepts POST requests only.
Should I somehow protect or delete it?
It's an entry point for a variety of attacks. If you don't need it, just block it with Nginx or Apache directives. If you delete the file it may just be recreated during an update or you might have to re-install it if you want to use it. Blocking at the web server is good. That, along with rate-limiting
wp-login.phpis a good start.https://wordpress.org/plugins/wp-limit-login-attempts/