An access control after such a long time-#2.

   About seven months ago, I made an Apache extra conf file “access-denied.conf” like this. Today, I’ve modified it to control access to the directory “wp-admin”.

   I opened the access-denied.conf and changed the text like this.

Old:

<Files "wp-login.php">
  # my local IP addresses
  Require ip xxx.xxx.xxx.xxx/xx
  Require host My wifi domain name
</Files>

New:

<Files "wp-login.php">
  # my local IP addresses
  Require ip xxx.xxx.xxx.xxx/xx
  Require host My wifi domain name
</Files>
# drive_DC:/WEB/htdocs/ is my DocumentRoot.
<Directory "drive_DC:/WEB/htdocs/wp-admin">
  # my local IP addresses
  Require ip xxx.xxx.xxx.xxx/xx
  Require host My wifi domain name
  <Files "admin-ajax.php">
    Require all granted
  </Files>
</Directory>

   I excluded the file "admin-ajax.php" from this deny rule, because the plugins that use Ajax features need it (Ref:「Re: WordPress使いならこれだけはやっておきたい本当のセキュリティ対策10項目」). Actually, I examined the plugins on my WordPress and found that some of them use the hook wp_ajax_(action). So, I needed to exclude the file from the rule.

   The rule works well. (^^)
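
   The plugin check described above can be automated. The following is an added example, not code from the original post: it scans plugin PHP files for wp_ajax_(action) and wp_ajax_nopriv_(action) registrations, the latter being the handlers WordPress runs for visitors who are not logged in. The sample PHP source and the function names are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# add_action( 'wp_ajax_<action>' ... ) or add_action( 'wp_ajax_nopriv_<action>' ... ).
# Hook names built at runtime ('wp_ajax_' . $name) are not matched.
HOOK_RE = re.compile(r"""add_action\s*\(\s*['"]wp_ajax_(nopriv_)?([\w-]+)['"]""")

# Constructed sample plugin source, for illustration only.
SAMPLE_PHP = """<?php
add_action( 'wp_ajax_save_layout', 'demo_save_layout' );
add_action("wp_ajax_nopriv_load_more", 'demo_load_more');
add_action( 'init', 'demo_init' );
"""

def find_ajax_hooks(php_source):
    """Return sorted (action, audience) pairs registered in one PHP source string."""
    hooks = set()
    for m in HOOK_RE.finditer(php_source):
        audience = "anonymous" if m.group(1) else "logged-in"
        hooks.add((m.group(2), audience))
    return sorted(hooks)

def scan_plugins(plugins_dir):
    """Map each plugin folder (or single-file plugin) to the hooks in its .php files."""
    root = Path(plugins_dir)
    report = {}
    for php in sorted(root.rglob("*.php")):
        plugin = php.relative_to(root).parts[0]
        hooks = find_ajax_hooks(php.read_text(encoding="utf-8", errors="replace"))
        if hooks:
            report.setdefault(plugin, set()).update(hooks)
    return {name: sorted(found) for name, found in report.items()}

def plugins_serving_anonymous(report):
    """Plugins with a nopriv handler, i.e. called by visitors who are not logged in."""
    return sorted(n for n, hooks in report.items()
                  if any(aud == "anonymous" for _, aud in hooks))

if __name__ == "__main__":
    if len(sys.argv) > 1:
        report = scan_plugins(sys.argv[1])  # e.g. the wp-content/plugins directory
    else:
        report = {"sample": find_ajax_hooks(SAMPLE_PHP)}
    for name, hooks in report.items():
        for action, audience in hooks:
            print(f"{name}: {action} ({audience})")
    print("plugins with handlers for anonymous visitors:", plugins_serving_anonymous(report))
```

   Run it with the path of the plugins directory as the only argument; without an argument it reports on the embedded sample.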
