My wordpress site has been exploited, and I'm trying to enforce security.
Then I renamed my wp-admin dir to my_new_admin and blocked direct access to the login page, and want to allow login only from admin page.
But as you know the admin page load the login page, so it also block it.
Here it's what I did in my nginx server configuration
## Block direct access to the login page
location = /wp-login.php {
if ( $http_referer = https://www.mydomaind.com/my_new_admin) { return 200; }
access_log /var/log/nginx/blocked.log blocked;
deny all;
}
But I still have 403 forbiden error when my_new_admin tries to load the login page.
How can I achieve this in the a good way?
Aucun commentaire:
Enregistrer un commentaire