Changes I always make to WordPress

Posted for my re-use; so I can just cut/paste from this post after every WordPress update.

Due the the number of access requests for wp-login.php from ip-addresses that are clearly not authorised to use my wordpress installation I always insert at the top of the wp-login.php script the below lines to ensure even if someone does find wp-logon/php they cannot use it.

if ( ( $_SERVER['REMOTE_ADDR'] != "192.168.1.187" ) && ( $_SERVER['REMOTE_ADDR'] != "192.168.1.188" ) ) {
   echo 'wp-login can only be accessed from the internal network, you are on '.$_SERVER['REMOTE_ADDR'].'.

'; echo '...a link to the main website page here...'; die(); }

This ensures that even if someone gets past my rewrite blacklist scripts they still cannot logon to wordpress unless; unless they are physically using one of my two desktops of course.

Posted for my reference as every time I update wordpress, and it installs a new wp-login.php script, I have to redo these changes… as I have just had to do again, sigh.

About mark

At work, been working on Tandems for around 30yrs (programming + sysadmin), plus AIX and Solaris sysadmin also thrown in during the last 20yrs; also about 5yrs on MVS (mainly operations and automation but also smp/e work). At home I have been using linux for decades. Programming background is commercially in TAL/COBOL/SCOBOL/C(Tandem); 370 assembler(MVS); C, perl and shell scripting in *nix; and Microsoft Macro Assembler(windows).
This entry was posted in Unix. Bookmark the permalink.