htaccess code for wp-login

[Topher]

I was asked what code I used to make wp-login.php forbidden. Put this
into your .htaccess file:

<Files wp-login.php>
deny from all
</Files>

and then when you go there it should be 403.

Topher

[Jarrod Pyper]

so... that makes it impossible to log into the site, for anyone?

-Jarrod

[Topher]

On 01/17/2014 01:31 PM, Jarrod Pyper wrote:
> so... that makes it impossible to log into the site, for anyone?

You didn't watch my presentation. :) Do this after you've installed
"Rename wp-login.php"

http://wordpress.org/plugins/rename-wp-login/

Then yes, it makes it impossible to log in at that URL for everyone.
Bots keep trying and get a 403 and humans go to the new login page that
you've told them about.

Topher

[Jarrod Pyper]

aw... yeah I didn't see it.

neat though!

-Jarrod

[Steve Colthorp]

Thanks Topher. I'm looking into adding: http://wordpress.org/plugins/custom-error-pages/ to make that 403 (and 401s as well) prettier. :)

Topher

--
You received this message because you are subscribed to the Google Groups "WordPress Grand Rapids (WPGR)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wpgr+uns...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[Steve Colthorp]

Topher, thanks for the info re: that plugin & it *not* being what I am looking for....
The creation of a 403.html page, placement of that HTML file at the root, then the reference to it in the .htaccess file via a line of code:

ErrorDocument 403 /403.html

worked like a charm.

[Brian Workman]

Hey Topher,

I know this is old, so not sure if you'll see it, but is there a big advantage to adding the code to make it a 403?  I did this for my multisite, and everything worked well.  However, it does give the 404 error, instead of 403.  I haven't added the .htacess code yet... was just curious what the motivation is.