Please note, I did this using a linux client on a linux server. My desktop is linux mint and the server is Centos. You can do it on Windows and OS/X but I can’t advise sorry. This is quick and dirty tutorial aimed at those familiar with command lines and server operation. You need SSH access to the server you are running your blog from.
My wordpress blog is getting blitzed with attempts on my wp-login.php file and wp-admin folder. I want to block all access to these areas unless it is coming from my computer.
I tried a number of methods, including but not limited to logging all attempts and adding them to my firewall or htaccess file. This is an ongoing task and not suitable for long term use.
I am on a dynamic IP that changes each time I log into the computer. So blocking by IP was not practical. However….
I now use a combination of SSH to create a proxy, foxyproxy to only use this proxy when navigating to my wordpress install and htaccess to block all ip’s except the servers IP.
Here is the list of steps to take.
1) Create the proxy.
create a file called ~/proxy.sh
add this line to it
ssh -C2qTnNv -D 8888 email@example.com
chmod o+x ~/proxy.sh
run the command
2) Install foxyproxy
add the following rules
Proxy Details, Tick the SOCKS proxy box and add 127.0.0.1 as the IP address and 8888 as the port number.
URL Patterns: as follows
3) Edit the /.htaccess file and add the following lines.
Deny from all
Allow from xxx.xxx.xxx.xxx
in the wp-admin directory create a .htaccess file and add the following.
AuthName “Access Control”
deny from all
# whitelist home IP address
allow from xxx.xxx.xxx.xxx
In both .htaccess files obviously replace the xxx.xxx.xxx.xxx with the ip address of your server.
Now when I access my blog login or wp-admin directory it goes through my proxy. If I forget to start the proxy first I get a proxy error message. Run the command ~/proxy.sh sorts this out.