wordpress .htaccess security mod-rewrite block

Let .htacces block subdomain except if came from other certain subdomain (for wp-admin security wordpress)

I came op with an idea to improve my Wordpress security.

The loginpage is always /wp-admin. So that's easy for hackers. I know you can block al the calls to /wp-admin except from your own IP adress. But that's often not a solution because you want to be able to upload posts etc. from everewhere, not just home.

Is it not a solution to block /wp-admin except if the call is made from let say /secretlogin. And you let /secretlogin redirect to wp-admin. Will this work? If yes, how do I manage this with htaccess?

Solution

You can do that with .htaccess:

RewriteCond %{HTTP_REFERER} !^https?://www\.your_domain\.com/ [NC]
RewriteCond %{REQUEST_URI} ^/wp-admin [NC,OR]
RewriteCond %{REQUEST_URI} ^/wp-login\.php [NC]
RewriteRule ^ /homepage.htm [R=302,L]

Finally I used your method is easier to add. You need to use a link from your /secretlogin page.

I want to remove index.php in the link
Update Booking status to confirmed for cod orders in WooCommerce
Woocommerce add to cart button redirect to checkout
Notice: ob_end_flush(): failed to send buffer of zlib output compression (1) in
How to fix Lighthouse “Links do not have a discernible name”
Image height and width not working?
How do I transfer all child elements to a group div wrappers recursively in jquery?
Issue with Displaying Custom Post Types in WordPress Loop
Adding fancy box to a WP theme
Debug Plugin Installation?
Create shortcode to show specific nav menu depending on product category
Get multiple values from checkbox with jquery
WooCommerce order status hook not triggering
wp_mail wordpress html with style not aplying
How to change title when toggle is active in Elementor Page Builder
How can I get a post by title in Wordpress?
Access denied for user 'root@localhost' (using password:NO)
Woocommerce not using the right templates
Wordpress blog is now showing Install page ? the db is still there and wp-config has correct details
Get WordPress version from meta tag with name="generator"
preg_replace regular expression HTML
WordPress plugin to output a certain category on content page tweak help
Customize specific shipping method costs not being applied to WooCommerce totals
Sync lesson completion status across all courses in LearnDash
Issue with woocommerce parent child category url
Allow Free shipping based on shippable items minimal subtotal with progress bar
Wordpress change all 404 to 410 error code
How to display related post by categories with next post of current post (don't latest post or random post)
Custom content include function and apply_filters
Wordpress Mysql query to replace empty alt img with post_title