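# BEGIN WordPress
RewriteEngine On
RewriteBase /
# Gate /wp-login.php and /wp-admin/ behind a shared secret word.
# Replace ITSME with your own hard-to-guess string and yourdomain.com with
# your own domain.
#
# Scope of this control: it only filters out requests that do not know the
# secret word. It is not authentication. The word travels in the login URL
# (so it ends up in access logs and browser history), and the cookie can be
# set by anyone who knows its name. Keep WordPress's own login strong, and
# change the word if it leaks.
#
# Log in using:
#   http://www.yourdomain.com/wp-login.php?ITSME=true
# (use https:// when the site supports it, so the word is not sent in clear text)

# --- Rule 1: visitor presents the secret word on wp-login ---
# Is this a request for wp-login?
RewriteCond %{REQUEST_URI} ^/wp-login\.
# Check for the secret word as a query parameter name. Anchoring on the start
# of the string or on "&" stops a longer name such as XITSME= from matching.
RewriteCond %{QUERY_STRING} (^|&)ITSME=
# Set a cookie (lifetime 3600 minutes) so that later requests pass Rule 2.
# The trailing "?" drops the query string from the redirect target, which
# keeps the secret word out of the follow-up URL.
# On an HTTPS-only site, append :secure:httponly after the path field.
RewriteRule ^ /wp-admin/? [cookie=ITSME:true:.yourdomain.com:3600:/,R,L]

# --- Rule 2: everything else aimed at wp-login or wp-admin ---
# Comment out the wp-login condition below and wp-login.php becomes reachable
# without the cookie, while /wp-admin/ still requires it.
RewriteCond %{REQUEST_URI} ^/wp-login\. [OR]
RewriteCond %{REQUEST_URI} ^/wp-admin/
# Require the exact cookie pair set by Rule 1, not just the word appearing
# somewhere in the Cookie header.
RewriteCond %{HTTP_COOKIE} !(^|;\s*)ITSME=true(;|$)
# Unauthenticated: redirect to the 404 page. With a bare [R] this is a 302
# to /404.php, not a 404 status on the original URL.
RewriteRule ^ /404.php [R,L]

# --- Standard WordPress front controller ---
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress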
see: http://www.mawhorter.net/web-development/securing-wordpress-a-passive-method-for-preventing-unauthorized-requests-to-wp-admin-and-wp-login-php for complete instructions.
Use htaccess to “hide” WordPress admin stuff
Jun, 23 -- Categories: Linux