Displaying 1 To 9 Of 9 Comments Update On My Use Of Limit Login Attempts P.S. At my first comment some code got stripped. Add “IfModule mod_rewrite.c” to the beginning of the htaccess code with opening less-than and closing greater-than signs. Add “/IfModule” to the end of the htaccess code with opening less-than and closing greater-than signs. » Posted By Bob On February 11, 2012 @ 10:38 PM How about hiding the keys to the kingdom through some handy htaccess obfuscation? Change the following variables in CAPS in the following code. This code assumes WordPress is installed at the site root. If you were to change WordPress Tavern’s login using the code and suggested variable, the new login url would be wptavern.com/login. Variables LOGINSLUG = to replace wp-login.php – can be something as simple as “login” htaccess CODE RewriteEngine On » Posted By Bob On February 11, 2012 @ 10:31 PM Always setup your admin user name with a 2 digit suffix like this: admin33. Hackers always assume it is admin so most times this alone will keep you safe. Then of course you will need a good strong password. Another thing I have just started using is a plugin called ecstatic. it is a stats plugin but does other things also such as login security. If you get a certain number of login hits per so many seconds then it will block any further attempts from that IP for 15 minutes. I have no affiliation with ecstatic, I just like it. » Posted By bob On February 11, 2012 @ 5:29 AM Good Guide On Avoiding Theme/Plugin Lock-In A pleasure Konstantin. I was going to include my url, but I assumed Jeffro would use his new toy to delete it :) » Posted By bob On January 13, 2012 @ 3:17 PM I found this out the hard way, as most are apt to do. And I think it’s a pity that theme developers don’t seem to be aware, or perhaps don’t give a damn about it. For instance, I like some of the premium themes out there, like Elegant, Woo, and such, but for a while, it was tedious to just switch between their own premium themes. And when creators rely too much on manipulation in code rather than rely on WP basics, that’s a recipe for disaster. To wit, the TimThumb debacle. How many themes are now dysfunctional because of that one. I would always recommend the best graphics, wrapped around the simplest theme. Thanks to Konstantin for bringing up something it seems we’ve all been thinking about. Perhaps with the exposure of the Tavern, more will take notice. » Posted By bob On January 13, 2012 @ 3:10 PM Avoid Hardcoding Your Copyright Information Good information for developers of course, but for us simple minded users who use other peoples themes, won’t this fix be rendered moot each time the theme developer updates the theme? Perhaps WordPress should have the forethought to include something like this in the core since it seems so very intuitive. Maybe you can mention it to your buddy Matt? » Posted By bob On January 2, 2012 @ 7:29 PM WPShout Releases Results Of Their Webhosting Survey I’m amazed that the post is still there. It was such a blatant, affiliate promotion. As you note, the numbers were hardly sufficient to make any judgments from and what judgments they made seemed to be pulled from their butts. A quick scan of most other WordPress forums, like the LinkedIn WordPress forum hosted by your buddy Matt, and you’ll find better numbers, statistics and opinions then they were able to gather. I’m just guessing, but I’d say these guys never took a statistics course. In fact, it’s likely algebra wasn’t their strong suit either. » Posted By bob On December 23, 2011 @ 5:26 PM Helllo there, I have the contact form in which i have a dropdown menu for the states. I was able to make my other fields mandatory, but I was not able to make the state field mandatory..can anyone please tell me where to put the ‘*” mark in this code, to make the dropdown menu of states mandatory…please help thank you in advance… State » Posted By bob On September 4, 2009 @ 5:21 PM Small Preview Of WordPress 2.8 Where can I get the bleeding edge nightly build? » Posted By bob On April 7, 2009 @ 2:52 PMComments Posted By bob
ADMINSLUG = to replace wp-admin – can be something as simple as “admin”
REGISTERSLUG = to replace wp-login.php?action=register – can be something as simple as “register”
SECRETKEY = like a password…use several characters…out of ideas use a password generator or portion of a WordPress salt key at https://api.wordpress.org/secret-key/1.1/salt/
SITEURL = the site url (e.g., wptavern.com)
RewriteBase /
RewriteRule ^LOGINSLUG wp-login.php?SECRETKEY [R,L]
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
RewriteRule ^ADMINSLUG wp-login.php?SECRETKEY&redirect_to=/wp-admin/ [R,L]
RewriteRule ^ADMINSLUG wp-admin/?SECRETKEY [R,L]
RewriteRule ^REGISTERSLUG wp-login.php?SECRETKEY&action=register [R,L]
RewriteCond %{HTTP_REFERER} !^(.*)SITEURL/wp-admin
RewriteCond %{HTTP_REFERER} !^(.*)SITEURL/wp-login\.php
RewriteCond %{HTTP_REFERER} !^(.*)SITEURL/LOGINSLUG
RewriteCond %{HTTP_REFERER} !^(.*)SITEURL/ADMINSLUG
RewriteCond %{HTTP_REFERER} !^(.*)SITEURL/REGISTERSLUG
RewriteCond %{QUERY_STRING} !^SECRETKEY
RewriteCond %{QUERY_STRING} !^action=logout
RewriteCond %{QUERY_STRING} !^action=rp
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
RewriteRule ^wp-login\.php not_found [L]
[select menu-695 "Alabama " "Alaska " "Arkansas " "Arizona " "California " "Colorado " "Conneticut " "Delaware " "Florida " "Georgia " "Idaho " "Illinois " .. ]
«« Back To Stats Page