An access control after such a long time-#2.

   About seven months ago, I made an Apache extra conf file “access-denied.conf” like this. Today, I’ve modified it to control accesses to the directory “wp-admin”.

   I opened the access-denied.conf and changed the text like this.

Old:
<Files “wp-login.php”>
  Require ip xxx.xxx.xxx.xxx/xx  <<--- my local IP addresses   Require host My wifi domain name </Files> New: <Files "wp-login.php">   Require ip xxx.xxx.xxx.xxx/xx  <<--- my local IP addresses   Require host My wifi domain name </Files> <Directory "drive_DC:/WEB/htdocs/wp-admin">  <<--- drive_DC:/WEB/htdocs/ is my DocumentRoot.   Require ip xxx.xxx.xxx.xxx/xx  <<--- my local IP addresses   Require host My wifi domain name   <Files "wp-admin-ajax.php">     Require all granted   </Files> </Directory>    I excluded the file "admin-ajax.php" from this deny rule, because the plugins which use the Ajax features need it (Ref:「Re: WordPress使いならこれだけはやっておきたい本当のセキュリティ対策10項目」). Actually, I examined plugins on my WordPress, and found some of them used the hook wp_ajax_(action). So, I needed to exclude the file from the rule.

   The rule works well. (^^)

An access control after such a long time.

   Today, I set an access control for my wp-login.php after such a long time. The reason why I want the AWStats everyday report except for the number of unauthorized accesses for the file wp-login.php.

   About this, I’ve not care for a long time. Because, my sever applications are nearly always up-to-date and its user is just me. But recently, I have a lot of unauthorized accesses for the file wp-login.php than before. I think that the number of them increased after I wrote the post “Snow falling on my blog.“. It is too much and so boring.

   I made a file access-denied.conf like the following and put it into my Apache extra-conf directory. The file also includes some IP addresses I want to deny. Now, it works. Great!!

<Files “wp-login.php”>
Require ip xxx.xxx.xxx.xxx/xx  <<--- my local IP addresses </Files> <Directory "G:/WEB">   <<--- G:/WEB is my document root. <RequireAll> Require all granted   <<--- I forget to write here, so added on Mar.1st. Require not ip xxx.xxx.xxx.xxx/xx Require not ip yyy.yyy.yyy.yyy/yy </RequireAll> </Directory>

That is the question.

   I’m very confused these days. What? It’s about spam comments on /. This is a spam or not, that is the question. ;P

   Yesterday, I had a comment, and it was difficult to determine whether the comment was a spam or not. Though I installed Akismet, it reported it was not a spam and I also felt it wasn’t a spam from its contents. But when I examined it, it seemed a spam.

   Very confused.

   I determined to install a CAPTCHA Code feature for my comment form on /. I chose the plugin ‘SI Captcha Options’. Does it make a difference?