Messing with Bots

3 posts by 2 authors in: Forums > CMS Builder Community
Last Post: October 28, 2017   (RSS)

By Mikey - October 27, 2017

I've been frustrated with Bots looking for a Wordpress wp-login.php page that doesn't exist on my site. I decided I'd mess with the bots a bit and put this little snippet together to get them off my site.

I created a PHP file named "wp-login.php" then added the code below.

<?php if ($_SERVER['PHP_SELF'] = '/wp-login.php'): ?>
<?php endif; ?>

Here's another that sends them back to themselves if they/someone hits the "wp-login.php" file.

if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
    $ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
} elseif (!empty($_SERVER['HTTP_X_FORWARDED'])) {
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
} elseif (!empty($_SERVER['HTTP_FORWARDED_FOR'])) {
} elseif (!empty($_SERVER['HTTP_FORWARDED'])) {
} else {
    $ip = $_SERVER['REMOTE_ADDR'];
//echo $ip;
header('Location: http://'.$ip);

Any thoughts on either of these? Pros VS Cons?


By Deborah - October 28, 2017

Zicky, I'm not sure of the pros/cons of the two PHP methods, but another way to block them is with htaccess. This covers both standard WP login urls

#block wp login bots
SetEnvIf Request_URI wp-login.php$ BackOffNow=1
SetEnvIf Request_URI ^/wp-admin/ BackOffNow=1
Order allow,deny
Allow from all
Deny from env=BackOffNow

~ Deborah