我尝试做与apache配置相同的事情,但是对于Nginx(fastcgi)。 隐藏文件夹/ wp-admin / bot攻击。 m5K3H8d6是关键。
# HIDE LOGIN, REGISTER, ADMIN
# m5K3H8d6 is key "salt"
# wp-login = choice-login
RewriteRule ^choice-login/?$ /wp-login.php?m5K3H8d6 [R,L]
# wp-admin = choice-admin
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
RewriteRule ^choice-admin/?$ /wp-login.php?m5K3H8d6&redirect_to=/wp-admin/ [R,L]
#
RewriteRule ^choice-admin/?$ /wp-admin/?m5K3H8d6 [R,L]
# wp-login register = new-user
RewriteRule ^new-user/?$ /wp-login.php?m5K3H8d6&action=register [R,L]
#
RewriteCond %{SCRIPT_FILENAME} !^(.*)admin-ajax.php
RewriteCond %{HTTP_REFERER} !^(.*)URL-SITE/wp-admin
RewriteCond %{HTTP_REFERER} !^(.*)URL-SITE/wp-login.php
RewriteCond %{HTTP_REFERER} !^(.*)URL-SITE/choice-login
RewriteCond %{HTTP_REFERER} !^(.*)URL-SITE/choice-admin
RewriteCond %{HTTP_REFERER} !^(.*)URL-SITE/new-user
RewriteCond %{QUERY_STRING} !^m5K3H8d6
RewriteCond %{QUERY_STRING} !^action=logout
RewriteCond %{QUERY_STRING} !^action=rp
RewriteCond %{QUERY_STRING} !^action=register
RewriteCond %{QUERY_STRING} !^action=postpass
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
# if old url message : try_again
RewriteRule ^.*wp-admin/?|^.*wp-login.php /try_again [R,L]
#
RewriteCond %{QUERY_STRING} ^loggedout=true
RewriteRule ^.*$ /wp-login.php?m5K3H8d6 [R,L]
尝试成功后http://winginx.com/en/htaccess
# nginx configuration
location /choice-login {
rewrite ^/choice-login/?$ /wp-login.php?m5K3H8d6 redirect;
}
location / {
if ($http_cookie !~ "^.*wordpress_logged_in_.*$"){
rewrite ^/choice-admin/?$ /wp-login.php?m5K3H8d6&redirect_to=/wp-admin/ redirect;
}
if ($script_filename !~ "^(.*)admin-ajax.php"){
rewrite ^/.*wp-admin/?|^.*wp-login.php /try_again redirect;
}
if ($query_string ~ "^loggedout=true"){
rewrite ^(.*)$ /wp-login.php?m5K3H8d6 redirect;
}
}
location /choice-admin {
rewrite ^/choice-admin/?$ /wp-admin/?m5K3H8d6 redirect;
}
location /new-user {
rewrite ^/new-user/?$ /wp-login.php?m5K3H8d6&action=register redirect;
}
期望的目标是让隐形机器人访问wordpress的后端。
韩国社交协会