Question to Protect Dev Website

  • Resolved crissineon

    (@crissineon)


    3 years, 11 months ago

    Hello,
    i have a question regarding protection of my dev website. I have installed bps security already on my dev website. My webhost is using Apache 2.4. I would like to complete block access to my dev website, and allow just specific ips, for example my own ip and wordfence ips to be able to scan the dev page. But im not quite sure if the following hta code is correct, and im not sure where to place the code exactly in bps (under which point in root hta file)

    My example code (Apache 2.4) for Dev Page (Block All allow just specific)

    <IfModule mod_authz_core.c>
      <RequireAny>
        Require ip x.x.x.x
	Require ip x.x.x.x
      </RequireAny>
    </IfModule>

    Another question would be, how do i have to adapt the above code, to protect my prod page admin (wp-login.php)?

    Thanks a Lot!
    best regards
    Crissi

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter crissineon

    (@crissineon)

    Found yet another code for the prod website to protect wp-admin. Where to add the code in bps exactly? Is the following code correct? 

    # Protect wp-admin 
<FilesMatch "^(wp-login\.php|wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php)">
<IfModule mod_authz_core.c>
Require all denied
Require ip x.x.x.x
</IfModule>

<IfModule !mod_authz_core.c>
<IfModule mod_access_compat.c>
Order Allow,Deny
Deny from all
Allow from x.x.x.x
</IfModule>
</IfModule>
</FilesMatch>

    thank you!

    Plugin Author AITpro

    (@aitpro)

    BPS has a feature called Custom Code located on the BPS Security > htaccess Core > Custom Code tabs page. There are 2 accordion tabs: Root htaccess File Custom Code and wp-admin htaccess File Custom Code. The BPS Custom Code feature allows you to add custom htaccess code or modify existing BPS htaccess code and save it permanently. When you activate BPS Root or wp-admin BulletProof Modes the htaccess code saved in BPS Custom Code is written into your Root and wp-admin htaccess files.

    You would add the first code that you posted in this BPS Root Custom Code text box: 14. CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE. I recommend that you use 2 or 3 octets of your Public IP address (ISP IP address) if your Public IP address is dynamic (changes every X days). If you have a static IP address (never changes) then add all 4 octets of your IP address.

    IP address octet Example:
    4 octets: 100.99.88.77
    3 octets: 100.99.88.
    2 octets: 100.99.

    To protect your production site Login page with IP address protection see this forum topic > https://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/

    The second block of htaccess code that you posted is BPS standard htaccess code that is already included in the BPS Root htaccess file. To modify/edit the BPS standard Root htaccess code you would copy it to this BPS Root Custom Code text box: 13. CUSTOM CODE DENY BROWSER ACCESS TO THESE FILES, edit/modify it, click the Save Root Custom Code button and click the Root folder BulletProof Mode Activate button on the BPS Security Modes page.

    <FilesMatch "^(wp-config\.php|php\.ini|php5\.ini|readme\.html|bb-config\.php)">
<IfModule mod_authz_core.c>
Require all denied
#Require ip 127.0.0.1
</IfModule>

<IfModule !mod_authz_core.c>
<IfModule mod_access_compat.c>
Order Allow,Deny
Deny from all
#Allow from 127.0.0.1
</IfModule>
</IfModule>
</FilesMatch>
    Thread Starter crissineon

    (@crissineon)

    Hello,
    Thanks a Lot!
    best regards
    Crissi

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Question to Protect Dev Website’ is closed to new replies.