• Resolved cheaplt

    (@cheaplt)


    Hi Aitpro – Is it possible to protect my WordPress backend? Like if I gave someone admin access for support.

    Currently I have disabled file editing in WordPress, but is it possible for them to still execute malicious code by uploading a file using the media/plugin uploader?
    Are there other vulnerabilities I should be aware of?

    And finally is it possible to fix those vulnerabilities by using the hta?

    I noticed your plugin comes with a lot of security hta tweaks. I was wondering if these are included by chance.

    Thanks for reading, regards.

    https://www.ads-software.com/plugins/bulletproof-security/

Viewing 3 replies - 16 through 18 (of 18 total)
  • Thread Starter cheaplt

    (@cheaplt)

    Hi AIT, I was wondering if there was a snippet for restricting the entire admin area based on IP. If there is, could you please help me with it and where to place it? Not sure if it matters, but is it required to have my server's IP in this code as well as my home network's IP? Let me know and thanks for reading!

    Thread Starter cheaplt

    (@cheaplt)

    I recently tried to install a plugin and when I go to the Add New plugin page I just get a 404. The IP I put in the code was mine, so I'm not sure why it's doing that. Would really appreciate getting that figured out. Thank you AIT!

    Plugin Author AITpro

    (@aitpro)

    You could use this Bonus Code: https://forum.ait-pro.com/forums/topic/protect-login-page-from-brute-force-login-attacks/ Your login page is your backend, i.e., in order to get into wp-admin you need to authenticate first.

    Or you could use BPS BackEnd Maintenance Mode.
    You would need to whitelist all of your IP addresses that need to have access.
    You should use 1, 2 or 3 octets of the IP addresses and not 4 octets, since IP addresses change frequently.

    To troubleshoot the 404 error you will need to reverse engineer any custom htaccess code you are using to isolate which htaccess code is causing the problem. Once you find that out let me know which code it is.
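
An IP allowlist for wp-admin using partial addresses, as the reply above describes. This is an added example, not BPS Bonus Code and not code from this thread; it assumes Apache 2.4 with .htaccess authorization overrides (AuthConfig) enabled and the file saved as wp-admin/.htaccess, and the IP prefixes are constructed placeholders.

```apache
# wp-admin/.htaccess  (added example; Apache 2.4 mod_authz_core / mod_authz_host)
# Prefixes below are constructed placeholders; replace them with your own.

# Allow a client if ANY of the listed prefixes matches its address.
# Everyone else receives 403 Forbidden.
<RequireAny>
    # 3 octets: matches 203.0.113.0 - 203.0.113.255 (256 addresses)
    Require ip 203.0.113
    # 2 octets: matches 198.51.0.0 - 198.51.255.255 (65,536 addresses)
    Require ip 198.51
    # A full 4-octet entry is the tightest rule, but a dynamic address
    # that changes will lock you out until this file is edited again.
    # Require ip 192.0.2.10
</RequireAny>

# Front-end AJAX from themes and plugins posts to wp-admin/admin-ajax.php,
# so that one file stays reachable for all visitors.
<Files "admin-ajax.php">
    Require all granted
</Files>

# Note: wp-login.php lives in the WordPress root, not in wp-admin,
# so this file does not restrict the login page itself.
```

Each octet dropped from a prefix widens the match by a factor of 256, so use the longest prefix that still covers the range your provider assigns you.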

  • The topic ‘Protecting the backend hta code’ is closed to new replies.