Advertisement
gonzague

Htaccess passive protection for WordPress WP Admin

Apr 14th, 2013
748
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.70 KB | None | 0 0
  1. RewriteEngine On
  2.  
  3. # Is this a request for wp-login?
  4. RewriteCond %{REQUEST_URI} ^/wp\-login\..*
  5.  
  6. # Check for the secret word
  7. RewriteCond %{QUERY_STRING} .*tennis=.*
  8.  
  9. # Set a cookie, so that all future requests will be auto-authenticated
  10. RewriteRule ^.* /wp-admin/ [cookie=tennis:true:DOMAIN.com:3600:/,R,L]
  11.  
  12. # Is this a request to the admin?
  13. # comment out this line and you will be able to reach wp-login.php, but not anything in /wp-admin/ until you authenticate
  14. RewriteCond %{REQUEST_URI} ^/wp\-login\..* [OR]
  15. RewriteCond %{REQUEST_URI} ^/wp\-admin/.*
  16. RewriteCond %{HTTP_COOKIE} !\btennis\b
  17.  
  18. # Unathenticated, redirect to homepage with a disallowed indicator
  19. RewriteRule ^.* /?disallowed=true [R,L]
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement