add ips to htaccess

sry —admin can u please edit out the ip address…i just noticed what I did…sry but my edit time is up and I cant do it now… ??

I took out what you posted from your site logs – please be more careful in the future as we generally don’t edit forum posts.

Ok thnx I did take them out of the part in the ‘code’ and took ips “xxxx” part but didn’t realize it was above there with the full ips.

I knew it was not good when i saw but i could not fix so I alerted a moderator to fix.

I will be more careful in future.

Givsuccess,

Thank you for all of the good ideas.

As far as sessions go, I use cookies instead in the next version. Sessions were causing too many problems. You should try to download the latest version at https://www.blogseye.com

I am not going to have the plugin add to htaccess. First, many people don’t use Apache so they don’t have htaccess files. Second, altering the htaccess file can break a system very easily. Perhaps I can make a function that will create the “DENY” statements that a use could paste into the htaccess file if they wanted.

I have been testing another security package that counts admin hits on login. It blocks them completely after 3 tries. I think that implementing this will just get me nasty email from locked out admins. I think it best to rename the admin user id and use htaccess to block the nasty offenders.

Keith

Glad to hear about changing the sessions to cookies. It dont really slow things down or anything its just annoying and my vps doesn’t seem to clean up them old files for some reason.

I just added one to a site to block some strange ips from amazon and found this tool to generate the deny part to put into the htaccess it is here: https://www.toshop. com/htaccess-generator.cfm

If i forget my login i usually just send reset em after 2-3 just to save time but i guess soem would get pissed. Its not like they dont have another way to get access they can just send em to reset like me.

Renaming the admin user is not easy ..i THINK uou have to go into the db to edit. I make sure I set it up NOT using admin as main username when i install a new WordPress site. It doesnt stop them from hitting the login to try though. Admin is fine as long as you use a pw with caps, lower cast, numbers and symbols like !@#THis-is_mY-Super-hArd-pw!@#

thnx for the reply

There is an admin userid changer plugin but it doesn’t work for MU (I am told).

I used one of the Security Scan plugins to change the admin name and it worked on MU.

I think it is an easy thing to change the userid and well worth the 5 minutes that it takes. I have seen 10,000 hits a day on one of my sites trying to guess the password. It is a dictionary attack, but my websites use a unique password with upper and lower case, numbers and punctuation, so I don’t think I am in much danger.

There is an old joke:
The warden comes to see a prisoner in jail who is naked except for a tall silk hat.
“Why aren’t you wearing any clothes?” asks the warden.
“Nobody ever comes in here”.
“Then why the tall silk hat?”
“The prisoner answers, “Somebody might!”.

Keith

lol good one!

I use very good pws on all my sites. The ones that do have admin I make very long and then create a new admin acc that I can pick name other than admin. I use that account and never the orignal one.

This p.i. does very good job with what was made for so I am happy.

I ment to mention b4 about if it was poss to be able to block/allow by country instead of ips I use cloudflare on a few client sites and it has a way to block by Country.

Thanks again for the answering…sry i cant think of a good joke rt now…lol