2

I try to do the same thing that the apache config, but for Nginx (fastcgi). To hide the folder / wp-admin / bot attacks. m5K3H8d6 is a key.

# HIDE LOGIN, REGISTER, ADMIN
# m5K3H8d6 is key "salt"
# wp-login = choice-login
RewriteRule ^choice-login/?$ /wp-login.php?m5K3H8d6 [R,L]
# wp-admin = choice-admin
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
RewriteRule ^choice-admin/?$ /wp-login.php?m5K3H8d6&redirect_to=/wp-admin/ [R,L]
#
RewriteRule ^choice-admin/?$ /wp-admin/?m5K3H8d6 [R,L]
# wp-login register = new-user
RewriteRule ^new-user/?$ /wp-login.php?m5K3H8d6&action=register [R,L]
#
RewriteCond %{SCRIPT_FILENAME} !^(.*)admin-ajax.php
RewriteCond %{HTTP_REFERER} !^(.*)URL-SITE/wp-admin
RewriteCond %{HTTP_REFERER} !^(.*)URL-SITE/wp-login.php
RewriteCond %{HTTP_REFERER} !^(.*)URL-SITE/choice-login
RewriteCond %{HTTP_REFERER} !^(.*)URL-SITE/choice-admin
RewriteCond %{HTTP_REFERER} !^(.*)URL-SITE/new-user
RewriteCond %{QUERY_STRING} !^m5K3H8d6
RewriteCond %{QUERY_STRING} !^action=logout
RewriteCond %{QUERY_STRING} !^action=rp
RewriteCond %{QUERY_STRING} !^action=register
RewriteCond %{QUERY_STRING} !^action=postpass
RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
# if old url message : try_again
RewriteRule ^.*wp-admin/?|^.*wp-login.php /try_again [R,L]
#
RewriteCond %{QUERY_STRING} ^loggedout=true
RewriteRule ^.*$ /wp-login.php?m5K3H8d6 [R,L]

After trying without success http://winginx.com/en/htaccess

# nginx configuration
location /choice-login {
    rewrite ^/choice-login/?$ /wp-login.php?m5K3H8d6 redirect;
}
location / {
    if ($http_cookie !~ "^.*wordpress_logged_in_.*$"){
    rewrite ^/choice-admin/?$ /wp-login.php?m5K3H8d6&redirect_to=/wp-admin/ redirect;
    }
    if ($script_filename !~ "^(.*)admin-ajax.php"){
        rewrite ^/.*wp-admin/?|^.*wp-login.php /try_again redirect;
    }
    if ($query_string ~ "^loggedout=true"){
        rewrite ^(.*)$ /wp-login.php?m5K3H8d6 redirect;
    }
}
location /choice-admin {
    rewrite ^/choice-admin/?$ /wp-admin/?m5K3H8d6 redirect;
}
location /new-user {
    rewrite ^/new-user/?$ /wp-login.php?m5K3H8d6&action=register redirect;
}

the desired goal is to make the invisible bots access to the backend of wordpress.

Tks

lolo888
  • 21
  • 6

0 Answers0