3 posts by 2 authors in: Forums > CMS Builder Community
Last Post: October 28, 2017

I've been frustrated with bots looking for a WordPress wp-login.php page that doesn't exist on my site. I decided I'd mess with the bots a bit and put this little snippet together to get them off my site.

I created a PHP file named "wp-login.php" then added the code below.

<?php
// Redirect any request for /wp-login.php away from this site.
if ($_SERVER['PHP_SELF'] === '/wp-login.php') {
    header("Location: http://example.com/");
    exit();
}
?>

Here's another that sends them back to themselves if they/someone hits the "wp-login.php" file.

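<?php
// Pick the client address. The forwarding headers are set by the client or by
// proxies and can be spoofed; only REMOTE_ADDR comes from the connection itself.
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
    $ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
    $ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED'])) {
    $ip = $_SERVER['HTTP_X_FORWARDED'];
} elseif (!empty($_SERVER['HTTP_FORWARDED_FOR'])) {
    $ip = $_SERVER['HTTP_FORWARDED_FOR'];
} elseif (!empty($_SERVER['HTTP_FORWARDED'])) {
    $ip = $_SERVER['HTTP_FORWARDED'];
} else {
    $ip = $_SERVER['REMOTE_ADDR'];
}
// A header may hold a comma-separated list or arbitrary text: keep the first
// entry and fall back to REMOTE_ADDR unless it is a valid IP address.
$ip = trim(explode(',', $ip)[0]);
if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
    $ip = $_SERVER['REMOTE_ADDR'];
}
// IPv6 literals must be wrapped in brackets inside a URL.
if (strpos($ip, ':') !== false) {
    $ip = '[' . $ip . ']';
}
//echo $ip;
header('Location: http://' . $ip);
exit();
?>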

Any thoughts on either of these? Pros vs. cons?

Zicky

Zicky, I'm not sure of the pros/cons of the two PHP methods, but another way to block them is with .htaccess. This covers both standard WP login URLs:

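#block wp login bots
# Flag requests whose path ends in wp-login.php or starts with /wp-admin/
SetEnvIf Request_URI wp-login\.php$ BackOffNow=1
SetEnvIf Request_URI ^/wp-admin/ BackOffNow=1
# Order/Allow/Deny is Apache 2.2 syntax; Apache 2.4 needs mod_access_compat for it
Order allow,deny
Allow from all
Deny from env=BackOffNow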

~ Deborah
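
One way to confirm the rule above is taking effect, as an added example that is not part of the original thread: the script applies the same two URL patterns to access-log lines and lists any probe that was not answered with 403. The log lines are constructed samples, and the Apache common/combined log format and the `audit` helper name are assumptions.

```python
import re
from collections import Counter

# Same two URL patterns as the SetEnvIf rules in the post above.
PROBE = re.compile(r"(wp-login\.php$|^/wp-admin/)")
# Apache common/combined log line: client, request line, status (assumed format).
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [28/Oct/2017:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 403 199 "-" "bot"
203.0.113.7 - - [28/Oct/2017:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 403 199 "-" "bot"
198.51.100.9 - - [28/Oct/2017:10:00:05 +0000] "GET /wp-admin/ HTTP/1.1" 200 5120 "-" "bot"
192.0.2.44 - - [28/Oct/2017:10:00:09 +0000] "GET /index.php?page=wp-login.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
192.0.2.44 - - [28/Oct/2017:10:00:11 +0000] "GET /blog/wp-login.php?redirect_to=%2F HTTP/1.1" 403 199 "-" "bot"
"""

def audit(log_text):
    """Return (probes per client, probe requests that were NOT answered 403)."""
    per_client, not_blocked = Counter(), []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, _method, target, status = m.groups()
        # Request_URI is matched without the query string, so drop it here too.
        path = target.split("?", 1)[0]
        if PROBE.search(path):
            per_client[client] += 1
            if status != "403":
                not_blocked.append((client, path, status))
    return per_client, not_blocked

if __name__ == "__main__":
    counts, leaks = audit(SAMPLE_LOG)
    for client, n in counts.most_common():
        print(f"{client}: {n} probe(s)")
    for client, path, status in leaks:
        print(f"NOT BLOCKED: {client} {path} -> {status}")
```

Any "NOT BLOCKED" line means a request matching the patterns was served normally, for example because the .htaccess file is not being read for that directory.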

Thanks Deborah!

Much cleaner approach... I'm going to put your suggestion into action!

cheers, zicky