Protect the wp-admin area with GeoDirectory

This topic contains 7 replies, has 4 voices, and was last updated by Paolo 8 years, 1 month ago.

We have moved to a support ticketing system and our forums are now closed.

    #362984

    Ollie Stott
    Expired Member
    Post count: 60

    Hi – what would you recommend is the best method for protecting the wp-admin area from access by 3rd party users? We have tried limiting access using .htaccess as follows but this interferes with the log in and log out function. Any thoughts?

    RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
    RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
    RewriteCond %{REMOTE_ADDR} !^IP Address One$
    RewriteCond %{REMOTE_ADDR} !^IP Address Two$
    RewriteCond %{REMOTE_ADDR} !^IP Address Three$
    RewriteRule ^(.*)$ - [R=403,L]
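
As an added example (not code from the thread), this Python check evaluates the posted conditions the way mod_rewrite groups them, (path condition OR path condition) AND all three negated IP conditions, against constructed request paths. The allowlist addresses, the visitor address and the `ADMIN_ONLY` pattern are assumptions made for illustration.

```python
import re

# Path conditions exactly as posted; the [OR] joins them into one group.
POSTED = [r"^(.*)?wp-login\.php(.*)$", r"^(.*)?wp-admin$"]
# Assumed alternative (not from the thread): everything under /wp-admin
# except admin-ajax.php, which WordPress exposes to front-end code.
ADMIN_ONLY = [r"^/wp-admin(/(?!admin-ajax\.php$).*)?$"]
# Constructed allowlist standing in for "IP Address One/Two/Three".
ALLOWED = {"203.0.113.10", "203.0.113.11", "203.0.113.12"}


def is_blocked(path, remote_addr, path_conds):
    """Mirror mod_rewrite: (path cond OR path cond) AND no allowlisted IP matched.

    `path` is %{REQUEST_URI}, which carries no query string, so
    /wp-login.php?action=logout is tested as /wp-login.php.
    """
    path_hit = any(re.search(p, path) for p in path_conds)
    return path_hit and remote_addr not in ALLOWED


def coverage(path_conds, remote_addr="198.51.100.7"):
    """Return {path: blocked?} for constructed requests from one client IP."""
    paths = [
        "/wp-login.php",             # core login form and ?action=logout
        "/wp-admin",                 # bare path, no trailing slash
        "/wp-admin/",                # dashboard
        "/wp-admin/options.php",     # any admin screen
        "/wp-admin/admin-ajax.php",  # AJAX endpoint used by front-end features
    ]
    return {p: is_blocked(p, remote_addr, path_conds) for p in paths}


if __name__ == "__main__":
    for name, conds in (("posted", POSTED), ("admin-only", ADMIN_ONLY)):
        print(name)
        for path, blocked in coverage(conds).items():
            print(f"  {'403' if blocked else 'ok ':3} {path}")
```

With the posted conditions, a visitor outside the allowlist gets a 403 on `/wp-login.php`, which core WordPress uses for both login and `?action=logout`, while `/wp-admin/` and the screens beneath it are not matched at all.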

    #362986

    Kor
    Moderator
    Post count: 16516

    Hi Ollie,

    I’d suggest that you bring this question to the WordPress forums, as only there will you get the best solution. https://wordpress.org/support/

    Thanks!

    #363005

    Ollie Stott
    Expired Member
    Post count: 60

    Thanks Kor – If I get a response, I will add it back on here for reference.

    #363032

    Guust
    Moderator
    Post count: 29970

    There should be no need other than:
    GD > General > General tab > Allow user to see wp-admin area > NO

    Thanks

    #363103

    Ollie Stott
    Expired Member
    Post count: 60

    Thanks Guust.

    What I mean is that, because I can see it is a WordPress site from the source code, if I go to http://www.domain.com/wp-admin I would be able to attempt to hack. I have tried using ‘protect-wp-admin’ (https://en-gb.wordpress.org/plugins/protect-wp-admin/) but this interferes with user registration and login for GeoDirectory and WooCommerce and it creates a constant redirect which breaks access.

    I’ve wondered whether it could be controlled by IP restriction but have not found a method which protects admin as well as allowing access to users on the frontend.

    #363189

    Paolo
    Site Admin
    Post count: 31211

    Hi,

    there are several security plugins that can help with that.

    WordFence being one of them. However, the only hack anyone can attempt is a brute-force attack, and if your server is properly set up, it will lock out whoever attempts a brute-force attack.

    We have never used a security plugin and have never been hacked. The most important thing is to use strong passwords and keep them safe.

    Thanks

    #363195

    Ollie Stott
    Expired Member
    Post count: 60

    Ok great – yes we are all set for brute force but there’s always more that can be done 😉

    Cheers Paolo

    #363199

    Paolo
    Site Admin
    Post count: 31211

    From the wp-admin, all they can do is attempt to find the admin password, unless the application installed has security flaws; in that case there is no plugin or .htaccess hack that will stop an attacker until the bug is patched.

    Thanks
