SHARE
TWEET

Htaccess passive protection for WordPress WP Admin

gonzague Apr 14th, 2013 511 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. RewriteEngine On
  2.  
  3. # Is this a request for wp-login?
  4. RewriteCond %{REQUEST_URI} ^/wp\-login\..*
  5.  
  6. # Check for the secret word
  7. RewriteCond %{QUERY_STRING} .*tennis=.*
  8.  
  9. # Set a cookie, so that all future requests will be auto-authenticated
  10. RewriteRule ^.* /wp-admin/ [cookie=tennis:true:DOMAIN.com:3600:/,R,L]
  11.  
  12. # Is this a request to the admin?
  13. # comment out this line and you will be able to reach wp-login.php, but not anything in /wp-admin/ until you authenticate
  14. RewriteCond %{REQUEST_URI} ^/wp\-login\..* [OR]
  15. RewriteCond %{REQUEST_URI} ^/wp\-admin/.*
  16. RewriteCond %{HTTP_COOKIE} !\btennis\b
  17.  
  18. # Unathenticated, redirect to homepage with a disallowed indicator
  19. RewriteRule ^.* /?disallowed=true [R,L]
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top