Reputation: 1
.htaccess IP Blocking not working
I can't seem to get this .htaccess IP blocking script to work. I want to block any IP except mine from being able to access the wordpress login script and admin folder. My IP is 55.55.555.55 in this code. It works in that it blocks access to the file and folder from all IP's, but it doesn't let me access it through my IP. I get the 403 error as well. I am running Cloudflare, I don't know if that could be causing problems. Here is the current .htaccess
RewriteEngine On
RewriteBase /
#Block everyone but me
RewriteCond %{REMOTE_ADDR} !^55\.55\.555\.55$
RewriteRule ^(wp-login\.php|wp-admin) - [F,NC]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
I don't know why it isn't working, I've tried half a dozen variations of the wordpress login .htaccess IP blocker, and the IP is my actual IP, the IP it showed on 5 different 'What's my IP' sites. When I delete or rename the .htaccess, anyone can view the login page, but when it's there I can't either.
Also, the blog itself is in blog.domain.com, domain.com does a 301 redirect to take it there, so the blog and .htaccess are in blog.domain.com/. I doubt that makes a difference, but that's how it's set up.
Update: I tried using the same .htaccess on another site I have, which doesn't have cloudflare, here is the .htaccess I used
AddHandler php-stable .php
RewriteEngine On
RewriteBase /
#Block everyone but me
RewriteCond %{REMOTE_ADDR} !^55\.55\.555\.55$
RewriteRule ^(index.php) - [F,NC]
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
As you can see, I changed it to only work on the index.php, and I made a quick test index.php page. When I went there on my computer, it loads it, but proxies return the 403 correctly. Could cloudflare somehow be causing the problems? Even though I disabled the caching, could it be screwing with it?
I just found this https://www.cloudflare.com/resources-downloads#mod_cloudflare I'm reading it now
Upvotes: 0
Views: 1073
Answers (1)
Reputation: 785146
Order of rules in .htaccess is very important. In your case WP rules are above and taking full control.
Change order or the rules:
RewriteEngine On
RewriteBase /
# Block everyone but me
RewriteCond %{REMOTE_ADDR} !^55\.55\.555\.55$
RewriteCond %{THE_REQUEST} \s/+(wp-login\.php|wp-admin/)[\s?] [NC]
RewriteRule ^ - [F]
# regular WP stuff
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
Upvotes: 0
Related Questions
- how to Block specific IP to access the wordpress website
- .htaccess block all but my ip
- Blocking IP range in htaccess file
- (htaccess) How to block IPs from Wordpress pages?
- PHP : block ip address in php code
- Blocking ip with htaccess
- .htaccess doesn't recognize allowed ips
- When I block an ip address in my .htaccess file, all ip addresses are blocked
- .htaccess Deny from <IP> rule being ignored
- Why isn't this htaccess code blocking a specified IP?