隐藏/阻止对wp-admin的访问的正确方法是什么 [英] What's the correct way to hide/prevent access to wp-admin
问题描述
一段时间以来,我一直在处理这个问题,我读了很多文章和东西,但是找不到适合您的方式来显示正确,标准,正确的地方,防止访问我的wp-admin或wp-login.php
I'm dealing with this matter since a while, I have read a ton of articles and stuff out there but I couldn't find a place that shows the RIGHT way, standard, correct, whatever you like to call it, to prevent access to my wp-admin or wp-login.php
在我看到的所有Wordpress网站(制作精良的网站)上,如果您键入thesite.com/wp-admin
On all Wordpress sites I see (the well made ones) you will never see anything if you type thesite.com/wp-admin
正如我所看到的,执行此操作的一种方法是通过创建.htaccess文件来限制对该文件夹的访问,并通过IP来限制对该文件夹的访问.似乎是最干净"的方法.我不确定这是我的ISP提供的动态地址,因此在某些时间我的IP会更改,这将迫使我也将.htaccess更改为我的新地址,我看不到实用的.我也可以设置范围,但是这样做还可以授权访问该IP范围内的所有人员(例如,我的ISP的其他客户端).
As I could see, one way to do this is by restricting the access to that folder by creating an .htaccess file and restrict by IP the access to the folder. Seems to be the "cleanest" way to do. What I'm not sure about it is that I have a dynamic address provided by my ISP, so on a certain time my IP will change, that will force me to also change the .htaccess to my new address, I don't see that practical. I can set a range also, but by doing that I will also authorize access to all people within that range of IPs (other clients of my ISP for example).
然后,我努力寻找最佳/标准的方法来做到这一点.
I'm then struggling to find the best/standard way to do this.
有人可以帮助我吗?
谢谢
推荐答案
来自此法典讨论-此博客文章声称提供了一种重命名wp-admin的解决方案.我还没有测试过,但是它似乎确实对人们有用.
From this Codex discussion - this blog article claims to provide a solution for renaming wp-admin. I haven't tested it, but it does seem to have worked for people.
但是,
此hack有其弊端.
This hack has its drawbacks.
- 帖子上的编辑"链接将不再起作用.您可能需要将其从主题中删除.
- 侧栏上的管理员链接将不再起作用.您可能需要将其从主题中删除.
- 标准登录链接将不再起作用.相反,请使用书签,因为它会在您完成登录后将您重定向到隐藏的登录页面.
- The "edit" link on your posts will no longer work. You may want to remove it from your theme.
- The admin link on your side bar will no longer work. You may want to remove it from your theme.
- The standard login link will no longer work. Instead, use a bookmark as it will redirect you back to your hidden login page after you finish logging in.
或者,也可以选择添加Apache .htaccess密码对话框(位于wp-admin登录名顶部).那不会隐藏它,但是它将提供另一层(尽管很烦人)安全性.
As an alternative, there's also the option of adding an Apache .htaccess password dialog on top of the wp-admin login. That won't hide it, but it will provide another (albeit annoying) layer of security.
如果您拥有动态IP,或者想从其他网络访问该站点,我不知道一种限制.IP访问的好方法.
I'm not aware of a good .htaccess way to limit access IP-wise if you have a dynamic IP, or want to access the site from different networks.
这篇关于隐藏/阻止对wp-admin的访问的正确方法是什么的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
