• Resolved deko

    (@deko)


    Since there are a limited number of contributors to my blog I’ve screened access to wp-login.php with the below code.

    I’ve password-protected the admin directory and put a link to wp-login.php on a page in that directory.

    I know… a referrer is easily spoofed, but it should keep scripted attempts at bay.

    // Redirect if not referred by internal page
    // Start from an empty string so $ref is defined even when no Referer header is sent
    $ref = '';
    if (isset($_SERVER['HTTP_REFERER']))
    {
    	$ref = $_SERVER['HTTP_REFERER'];
    }
    if ($ref != "https://www.myblog.org/admin/sitestats.php")
    {
    	wp_redirect('https://www.myblog.org');
    }

    Suggestions for improvement?
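One way to replace the Referer comparison with a value a client cannot forge, as an added example that is not part of the original post: the password-protected admin page issues a short-lived HMAC-signed token in the login link, and a `login_init` hook rejects any wp-login.php request that lacks a valid one. `LOGIN_GATE_KEY`, the `gate` query parameter and the `login_gate` cookie are assumed names; because `wp_redirect()` and `wp_safe_redirect()` only send a Location header, the hook calls `exit` after redirecting.

```php
<?php
// Added example, not the poster's code. LOGIN_GATE_KEY (a long random string
// defined in wp-config.php), "gate" and "login_gate" are hypothetical names.

const LOGIN_GATE_TTL = 300; // seconds a gate token stays valid

// Called by the password-protected admin page to build the login link, e.g.
// 'wp-login.php?gate=' . rawurlencode(login_gate_issue(LOGIN_GATE_KEY, time()))
function login_gate_issue(string $key, int $now): string
{
    $expires = $now + LOGIN_GATE_TTL;
    return $expires . '.' . hash_hmac('sha256', (string) $expires, $key);
}

// True only for an unexpired token that carries a valid HMAC over its expiry.
function login_gate_valid(string $token, string $key, int $now): bool
{
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false;
    }
    [$expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $expires, $key);
    // hash_equals() compares in constant time; check the MAC before trusting the expiry.
    return hash_equals($expected, $mac) && (int) $expires >= $now;
}

// Runs inside WordPress, for example from a must-use plugin.
if (function_exists('add_action')) {
    add_action('login_init', function () {
        $from_link = isset($_GET['gate']) && is_string($_GET['gate']);
        $token = $from_link ? $_GET['gate'] : ($_COOKIE['login_gate'] ?? '');
        if (!is_string($token) || !login_gate_valid($token, LOGIN_GATE_KEY, time())) {
            wp_safe_redirect(home_url('/'));
            exit; // stop here so the login form and any POSTed credentials are never processed
        }
        if ($from_link) {
            // Carry the token in a cookie so the login form's POST also passes the gate.
            $expires = (int) explode('.', $token, 2)[0];
            setcookie('login_gate', $token, $expires, '/', '', true, true);
        }
    });
}
```

The token is not bound to a user and can be replayed until it expires, so it only narrows who can reach the login form; it does not replace the password or a second factor.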

  • The topic ‘two factor authorization’ is closed to new replies.