Any Using BulletProof Security on Bluehost Cloud server?

I do not know anything about that type of hosting, but in general htaccess code is designed/created for Apache Linux hosting/servers. There are conversion things you can use to convert that code into something Nginx can use/interpret. At some point we will create Nginx and IIS versions of the BPS htaccess files, but do not hold your breath since that has been on the Task List for 2 years now. ?? If the BPS htaccess code is not working on this hosting type then the simple solution is just to not use root and wp-admin htaccess files and just use the other security features in BPS. ie use Default Mode and deactivate wp-admin BulletProof Mode.

2) Anyone figure out how to restrict access to the WordPress login page on a shared server using Nginx (particularly Bluehost Cloud service)?

Wrong approach. Restricting access to a login page is an irritating stupid thing that will of course still be around for years to come. Does Google restrict access to a login page. No, of course not, they have real security measures in place to protect the login page.

And yes we have a forum topic that has code to do that dumb thing, which is marked for deletion. ??

Could you explain the reason you feel that restricting access to a login page is the wrong way to go? Why is it irritating stupid?

First, we created htaccess code that does that and we created it due to massive requests for that code. Basically “peer pressure”. The logic is this: if you have secured your login page with Login Security and some other form of bot protection such as a captcha then there is no need to try and restrict or hide a login page since it is secured against constant bot attacks. The only useful reason I can think of for restricting access to a login page would be if you are the only person that logs into the site and you do not allow or want anyone else to be able to register, login or post comments. If you secure the login page then you still would not need to do that.

Got it.

On most of the sites, I’m the only one who logs into the backend, which is why it’s been easier to restrict IPs than use a captcha form. Not so sure that it prevents anyone from posting comments when not required to register (do require a captcha, however).

Thanks for the quick response.

Well if no one else can register on your site and you are using the WP setting “only allow registered users to post comments” then they would not be able to post comments. In your case, using IP blocking for the login page may be appropriate, but unfortunately I do not have the Nginx equivalent code for that handy. there are lots of online conversion sites that will convert htacces code to Nginx usable code. So maybe that is the direction you may want to go in.

I’ll check that out. Thanks for the feedback. Most helpful.

Assuming all questions have been answered – thread has been resolved. If the issue/problem is not resolved or you have additional questions about this specific thread topic then you can post them at any time. We still receive email notifications when threads have been resolved.

Thread Start Date: 10-27-2015 to 10-28-2015
Thread Resolved/Current Date: 11-2-2015