Today, I set an access control for my wp-login.php after such a long time. The reason why I want the AWStats everyday report except for the number of unauthorized accesses for the file wp-login.php.
About this, I’ve not care for a long time. Because, my sever applications are nearly always up-to-date and its user is just me. But recently, I have a lot of unauthorized accesses for the file wp-login.php than before. I think that the number of them increased after I wrote the post “Snow falling on my blog.“. It is too much and so boring.
I made a file access-denied.conf like the following and put it into my Apache extra-conf directory. The file also includes some IP addresses I want to deny. Now, it works. Great!!
<Files “wp-login.php”>
Require ip xxx.xxx.xxx.xxx/xx <<— my local IP addresses
</Files>
<Directory “G:/WEB”> <<— G:/WEB is my document root.
<RequireAll>
Require all granted <<— I forget to write here, so added on Mar.1st.
Require not ip xxx.xxx.xxx.xxx/xx
Require not ip yyy.yyy.yyy.yyy/yy
</RequireAll>
</Directory>