About seven months ago, I made an Apache extra conf file “access-denied.conf” like this. Today, I’ve modified it to control accesses to the directory “wp-admin”.
I opened the access-denied.conf and changed the text like this.
Old:
<Files “wp-login.php”>
Require ip xxx.xxx.xxx.xxx/xx <<--- my local IP addresses
Require host My wifi domain name
</Files>
New:
<Files "wp-login.php">
Require ip xxx.xxx.xxx.xxx/xx <<--- my local IP addresses
Require host My wifi domain name
</Files>
<Directory "drive_DC:/WEB/htdocs/wp-admin"> <<--- drive_DC:/WEB/htdocs/ is my DocumentRoot.
Require ip xxx.xxx.xxx.xxx/xx <<--- my local IP addresses
Require host My wifi domain name
<Files "wp-admin-ajax.php">
Require all granted
</Files>
</Directory>
I excluded the file "admin-ajax.php" from this deny rule, because the plugins which use the Ajax features need it (Ref:「Re: WordPress使いならこれだけはやっておきたい本当のセキュリティ対策10項目」). Actually, I examined plugins on my WordPress, and found some of them used the hook wp_ajax_(action). So, I needed to exclude the file from the rule.
The rule works well. (^^)
The recipe for sweet potato yōkan that I often made this fall. Ingredients Sweet potato…
After a long time, when I checked broken links and fixed them, I got an…
I made a box, so I prepare the contents. Theme and Plugins. The theme is…
Hehe, it's been almost a year since my last post. I received a notification email…
About a week ago, I finally started to renew my sites, which I had been…
This website uses cookies.