Harga Domain .COM Termurah Hanya 99rb

Kunci WordPress admin login dengan .htaccess

Kamu dapat mengunci WordPress admin login dengan .htaccess rules untuk mencegah login yang tidak di inginkan.

If your WordPress access is blocked due to WordPress brute force attacks this will help.

Limit WordPress admin login attempts

Langkah berikut membantu kamu untuk membuat batasan login ke WordPress admin berdasarkan IP address, atau referrer.

    1. Log ke akun cPanel.
    2. Temukan Files category dan klik File Manager.
      cpanel
    3. Klik Settings di kanan atas.

cpanel

  1. Select the Document Root for your domain and be sure the checkbox next to Show Hidden Files is checked. Click the Save button.
    file-manager-show-hidden
  2. Lihat file .htaccess dan klik kanan. Kemudian akan muncul menu edit.
    file-manager-htaccess
  3. You might have a text editor encoding dialog box pop-up, you can simply click on Edit.
  4. There are a few ways to restrict access to your WordPress admin section using this .htaccess file.

    These rules should be placed at the very top of your .htaccess file to function properly.

    Restrict WordPress admin access via:

    Secondary WordPress admin .htaccess password(Recommended if your IP changes)

    A single IP address

    Multiple IP addresses

    Trusted referrers

    Single IP address access

    You can check your IP to get your computer’s IP address.

    If you are using CloudFlare or a DNS level filtering service, this method won’t work, you’ll want to setup a secondary WordPress .htaccess password for protection instead.

    To allow access from a single IP address, replace 123\.123\.123\.123 with your own IP address:

    Multiple IP address access

    You can check your IP to get your computer’s IP address.

    If you are using CloudFlare or a DNS level filtering service, this method won’t work, you’ll want to setup a secondary WordPress .htaccess password for protection instead.

    To allow access from multiple IP addresses, replace 123\.123\.123\.xxx with your own IP addresses:

    Dynamic IP address access, limit by referer

    If your IP address changes, you can protect your WordPress site by only allowing login requests coming directly from your domain name. Simply replace example\.com with your own domain name

    Most brute force attacks rely on sending direct POST requests right to your wp-login.php script. So requiring a POST request to have your domain as the referrer can help weed out bots.

  5. Wait at least 15-20 minutes, and try to login to your WordPress site again. If you try to access the WordPress dashboard within the 15 minute window of a block, this could extend the block longer. 

    It’s important to wait for the previous block to expire and be patient before attempting to access your WordPress site again.

You should now be blocking unauthorized WordPress admin login attempts utilizing .htaccess rules.

Baca Juga:  Google memperkenalkan Plugin WordPress Yang terintegrasi Analytics, Search Console
Harga Domain .WEB.ID Termurah Hanya 10rb

Di tulis oleh: