cheaplt

I recently tried to install a plugin and when i go to the Add New plugin page i just get a 404, the IP i put in the code was mine so im not sure why its doing that. Would really appreciate getting that figured out. Thank you AIT!

Hi AIT, I was wondering if there was a snippet for restricting the entire admin area based on ip. If there is could you please help me with it and where to place it? Not sure if it matters but is it required to have my servers IP in this code aswell as my home networks IP? Let me know and thanks for reading!

Oh alright, thats good to hear! Hey thanks a bunch. I’ll mark this ad resolved.

Alright thats great, i will tinker with this code. Thanks for making this possible. I think the next step is to some how protect my wp-config from bgeing accessed if they are admin rights in my admin dashboard. I am not sure of all the ways they can access that file or even if they can. Do you think i need to add onto URI restriction code to protect the wp-config? If i did how would i do that? I really appreciate your help on this subject, Thank you many times.

Okay great! I just realized if someone did want to hack me. They could use BPS and modify the HTA. Could you offer me the code to block them from BPS? BPS is so strong i cant let anyone tamper with it.
So glad this is possible! I tried to do it myself but i dont know if it’ll break my site, let me know if i did it right

# wp-admin IP Based URI Restriction
RewriteCond %{REQUEST_URI} (admin.php?page=bulletproof-security/admin/options.php|plugin-install\.php|plugin-editor\.php|media-new\.php) [NC]
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.9
RewriteRule ^(.*)$ - [F]

Is it also possible to copmpletely block all backend access by using this code

# wp-admin IP Based URI Restriction
RewriteCond %{REQUEST_URI} (wp-admin/) [NC]
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.9
RewriteRule ^(.*)$ - [F]

Exellent read, I setup the code with my IP, but could you advise me on where i would put this code in the Custom Code section of BPS.
Thanks for the support, Much appreciated.

Thank you for helping me secure those areas, i really appreciate it.

I’m super intrested on how this code works.
on this section of the code i can block access to any page by putting its permalink in there?
(

plugin-install

\.php|plugin-editor\.php|media-new\.php)
and on this section of the code it blocks access to a .php file?
(plugin-install\

.php

|plugin-editor\.php|media-new\.php)

Also in the case my IP changes often, how would a IP range code look like? And do you by chance know how to identify my IP range, is there some easy way to figure out that type of thing?

That is an excellent idea using conditional logic. That would provide a huge amount of detailed security. I am not sure of all the ways a person can malicious execute code in the backend but. By covering all of those grounds using conditional logic like that. It would be really nice to have that type of security. Please let me know what you come up with. Thanks for reading.

Alright, thanks for taking the time out man i appreciate it. I also did some further testing and found a php code to do the same thing but. the code has a really good chance to block Google Bots so i decided its not a good thing to put on my website since its a blogging site after all.

Hey, i also checked out your team’s website for the BPS plugin and i really like the plugin but im having a tough time understanding what additional security features i would get for purchasing the premium version. if you could explain to me please.

Alright thanks for clearing that up for me, and thanks for taking the time out to consider checking out the code.

Thanks for the link and instructions.
I was wondering since my site is https does that code work for me? the code shows http on it. I’m wondering if i have to change the code’s http to https. If it doesn’t matter let me know. Thanks for the swift reply.

No it never was resolved sorry.

That is a great idea, how would i do that? and is it possible to do with Hta? Thank you mate, this is very useful.

I do not want to make whole site https, i just need specific urls forced to run at https. my SSL certification is not fully secure because i have some urls running in http.

I am confused mate, your link doesn’t show me how to route specific http urls to an https. i look twice, could you please explain to me, sorry for inconvenience.