Substitute for wp-admin, 404 error
How do I make sure that when I go to the site/wp-admin address, the error 404 is displayed?
I tried to do this:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^192\.168\.28\.5$
RewriteRule ^(.*)$ - [R=403,L]
</IfModule>
It is necessary that it returns a 404 error, and that the 404 error generated by wordpress is displayed. (to use the example I wrote above, it ignores all inserts of "get_header, get_sidebar" and so on).
You can't change the address in the address bar (for example: site/404.php). It should be like a standard practice wordpress’a.
4 answers
Have you tried this method? https://wordpress.org/support/topic/how-to-change-the-admin-url-or-wp-admin-to-secure-login
1 Add a constant to wp-confing.php
define('WP_ADMIN_DIR', 'secret-folder');
define('ADMIN_COOKIE_PATH', SITECOOKIEPATH . WP_ADMIN_DIR);
2 Add a filter to functions.php
add_filter('site_url', 'wpadmin_filter', 10, 3);
function wpadmin_filter($url, $path, $orig_scheme) {
$old = array("/(wp-admin)/");
$admin_dir = WP_ADMIN_DIR;
$new = array($admin_dir);
return preg_replace($old, $new, $url, 1);
}
3 Add a line to .htaccess file
RewriteRule ^secret-folder/(.*) wp-admin/$1?%{QUERY_STRING} [L]
It will be easier to install the plugin, there in my opinion only one check mark will need to be put in the settings. The name is Lockdown WP. Check the box: Yes, please hide WP Admin from the user when they aren't logged in. Below you can specify any other link to the Wordpress admin panel.
You can cling to the actions that are responsible for the output of the admin panel and authorization forms in the file wp-login.php
add_action('admin_init', 'admin_404');
add_action('login_init', 'admin_404');
//Ограничиваем доступ к админке WP
function admin_404()
{
global $wp_query;
if (!current_user_can('manage_options') || !is_user_logged_in()) {
if (!defined('DOING_AJAX') || !DOING_AJAX) {
$wp_query->set_404();
status_header(404);
$template = get_404_template();
if ($template = apply_filters('template_include', $template)) {
include($template);
}
wp_die();
}
}}
You need to open the wp-admin folder and create a new file there .htaccess In this file, just insert the code: Order Deny,Allow Deny from all Allow from ... (instead of ... specify your IP
If someone wants to go to the site/wp-admin/ will see the error 403.