Wordpress插件Sucuri Security一直在通知随机IP正在尝试登录我的网站。我的.htaccess被设置为拒绝所有不属于我们的IP:
<Files wp-login.php>
order deny,allow
deny from all
allow from OUR.SPECIFIC.IP.ONLY
</Files>
<Files 403.shtml>
order allow,deny
allow from all
</Files>
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
IP是否能够绕过规则?如何以及如何阻止它?
答案 0 :(得分:0)
为了确保您可以使用此代码阻止访问/ wp-admin文件夹,该文件位于内部 / wp-admin .htaccess文件中。代码来自此处:https://codex.wordpress.org/Brute_Force_Attacks#Limit_Access_to_wp-admin_by_IP
# Block access to wp-admin.
order deny,allow
allow from x.x.x.x
deny from all
# Allow access to wp-admin/admin-ajax.php
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>
有关通知含义的详细信息,请与插件的开发人员联系。