Forum Topic: Make WordPress Admin Invisible

Forum: .htaccess Forum : WordPress • Posted by Leon Fernandez • Updated:

Just starting to test WordPress, and this is just an idea I had, trying to totally hide wp-admin directory and login, in case somebody asks for it, just act as it does not exist (throw a 410 Gone error, that wouldnt fill my error-logs in case somebody is persistant, unless it is my house and

office ips, for example:

<IfModule mod_rewrite.c>
	RewriteEngine on
	RewriteCond %{REQUEST_URI} ^(.*)?wp-admin/.*$ [NC]
	RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php$ [NC]
	RewriteCond %{REMOTE_ADDR} !^123\.456\.789\.101$ [OR]
	RewriteCond %{REMOTE_ADDR} !^234\.567\.891\.011$
	RewriteRule [R=410]
</IfModule>

Although somehow it doesnt seam to work, dont know if Im missing something here? Or if it is possible??

3 Replies to “Make WordPress Admin Invisible”

Leon Fernandez
Posted by Leon Fernandez •

Finally got it working, the code above gave me errors, the only difference was the ^(.*)$ - clause at the beggining of the RewriteRule itself (innocently I thought that it just needed a GONE command.

# Lets tellem its gone invisible, for only my ip
<IfModule mod_rewrite.c>
	RewriteEngine on
	RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [NC,OR]
	RewriteCond %{REQUEST_URI} ^(.*)?wp-admin/.*$ [NC]
	RewriteCond %{REMOTE_ADDR} !^123\.456\.789\.101$ [OR]
        RewriteCond %{REMOTE_ADDR} !^234\.567\.891\.011$
	RewriteRule ^(.*)$ - [R=410,L]
</IfModule>

Works like a charm, testing it out this morning at 2 different locations and changing the ip address and all, anybody would think you are not using wordpress and your error logs wont fill up.

Jeff Starr
Posted by Jeff Starr

Glad you got it figured out, but make sure to test thoroughly and keep an eye on things. There are many plugins that require access to the /wp-admin/ directory, but may be denied access with that technique as written. Proxy servers are good tools for testing such directives, and it may also be useful to whitelist your server IP address.

Leon Fernandez
Posted by Leon Fernandez •

Ohh, haven't tested plugins yet, didn't think of that. I'll give it a spin to see what's kookin', thanx.

PS: By the way, I have been reviewing your plugins (reviewing code for the moment) and I love the way you simplify, explain and secure everything, I can see that there are alot of plugins that look like a mess in the extend directory in WordPress (codewise talking), but yours always seam accurate, ordered and precise, Thanx for that.

PS2: (not to be confused with Play Station 2, haha).. thanx for the follow up on the contact form. Saludos.