Does this .htaccess security setting really work?

It appears to prevent any POST requests to wp-login.php that aren’t made from a page on my-domain.com.

When the browser sends a POST request, say after submitting a form, it will include a HTTP Referrer header telling the server where the request came from.

This theoretically prevents bots submitting POST requests directly to wp-login.php as part of a brute force attack, but the HTTP referrer is trivial to fake, so it’s not actually all that helpful.

Related Posts:

  1. Improve wordpress security by hiding non public resources
  2. File and directory permissions
  3. Using “wordpress_logged_in” to restrict direct access to uploads folder in 2021
  4. WordPress URL/Folder ReWrite using Htaccess
  5. Which WordPress scripts need to be executable for a fresh installation?
  6. Blocking access to wp-login via htaccess not working
  7. Attach to wp-login.php and xmlrpc.php
  8. XMLRPC filtering through htaccess not working
  9. Restricting user login by IP address
  10. WordPress: Adding Security
  11. How do I test to ensure that my wp-config file is protected?
  12. WordPress not seeing .htaccess rules
  13. Rules in .htaccess only if the requested URL is /wp-admin
  14. Disable directory browsing of uploads folder
  15. Strange behaviour of is_user_logged_in() and get_current_user_id()
  16. Selectively Disabling PHP via .htaccess in Root Directory
  17. Should I prevent access to .htaccess and wp-config.php files?
  18. Blocking wp-login in HTACCESS has also blocked password protected pages
  19. Basic Auth .htaccess on wp-login, but allow logout from woocommerce
  20. Using htaccess to prevent spam through wp-comments-post.php
  21. How can I create a private site that is inaccessible from the outside?
  22. Restrict Content for only Contributors via .htaccess
  23. Allowing access to certain WordPress created pages or posts with htaccess / htpasswd
  24. How to redirect all HTTP requests to HTTPS
  25. Default .htaccess file for WordPress?
  26. Which one does WordPress prioritize when it comes to php.ini, wp-config and .htaccess?
  27. Security and .htaccess
  28. Protecting direct access to PDF and ZIP unless user logged in (without plugin)
  29. Stop WordPress and Plugins from Overwriting .htaccess
  30. WordPress + Magento .htaccess ReWriteRule Issue (www vs. non-www)
  31. Blog.php or how to display recent posts?
  32. Admin-Ajax.php, SSL, Non-SSL
  33. How to Block Access to Standard Login Flow and Comment Flow
  34. WordPress site displaying 404 for any page apart from index
  35. How to avoid wordpress permalink rules to inherit in a sub-folder
  36. Cant block wordpress readme files
  37. WordPress keeps deleting .htaccess file
  38. Prevent users from browsing through the media galleries
  39. .htaccess for wordpress in separate folder
  40. How to modify the .htaccess to force ssl on login and admin pages
  41. .htaccess redirects no longer work
  42. Exclude subfolder from WP-redirect works with html but not php files
  43. Server crashed trying to restore wordpress multisite, images are not found pls help
  44. Create subdomain masking for each user in WordPress
  45. Redirect from different port to subdomain – htaccess
  46. Question with loading 403/ 404 error pages and htaccess
  47. WordPress Redirect 301 register page
  48. Only expose routes with prefix /wp-json on WordPress using Apache
  49. .htaccess password protect all but one page
  50. Hardening wordpress: blocking /includes with htaccess
  51. Install a Network under a mapped domain
  52. Using HTACCESS for Secret Access
  53. htaccess – RewriteRule without redirect not working
  54. How to fix category url 404’s after category permalink change
  55. Restrict uploaded files into a custom folder to logged in users by htaccess: looking for Nginx – not only Apache – solution
  56. How can I fetch the content of a post of my wordpress domain from an other domain?
  57. Modify the .htaccess file
  58. WordPress site not working after move
  59. blocking access to all post/tag URIs via htaccess
  60. sitemap contains weird links and does not contain my pages [closed]
  61. want to rewrite an URL in wordpress
  62. how to redirect 301 my old search query string to wordpress search query string?
  63. How to block access to files without modifying .htaccess or ngnix config? [closed]
  64. Allow REST API over HTTP, the rest of the site forced to HTTPS
  65. where to add redirection rewriterule in .htaccess file?
  66. Trouble adding directory rewrite to htaccess under wordpress [closed]
  67. Conflict with Force SSL and Rewrite Rules
  68. htaccess getting overwritten over and over = 404 error
  69. htaccess problem not being able to overwrite previous rules
  70. Relative links stop working after moving wordpress site from hosting to localhost
  71. How to rewrite 404 to home page using htaccess?
  72. “Oops.” error on an html file directly uploaded to a subdirectory of my WordPress site
  73. How do I reset a rewrite?
  74. VServer/Rootserver/Shared Hosting: Multiple WordPress installations each having their unique domain?
  75. Sub domain URL slash / missing after domain and before Post & page slug
  76. Problem with WordPress permalinks
  77. Redirect wordpress site to www from non www on wordpress server
  78. I need to make one folder private
  79. Pretty Url not working on the server
  80. Force HTTPS for mapped domain pointing to wordpress domain
  81. How can I restrict access, by IP, to the `wp-admin` folder/Dashboard?
  82. After changing permalink, getting 404 for one particular category
  83. WordPress Intercepting Requests To A File In Public HTML
  84. Installing wordpress on subdirectory 2 levels down
  85. I can access subdirectory, but not files within it
  86. htaccess mod_rewrite not working
  87. Multisite permalinks for subfolder wordpress installation
  88. Missing visual editor after placing a redirect rule into the .htaccess file
  89. Redirect not working
  90. Permanently Redirect WordPress Subfolder Blog to Subdomain on Another Server
  91. WordPress site not redirecting properly
  92. Giving WordPress it’s own directory and using .htaccess Directory Index
  93. Restrict download files from not generated Urls
  94. How to change wordpress news root url
  95. Problem with All in one WP Migration – only works the home page
  96. .htaccess for Subdomain and Subfolder w/SSL
  97. WordPress sections in htaccess kills FrontPage permissions
  98. How can I stop WordPress from catching URL’s for static pages that I save on my server
  99. Enable webp support Nginx+Apache reverse proxy with moss.sh [closed]
  100. Browser Caching .htaccess

Leave a Comment

techhipbettruvabetnorabahisbahis forumutaraftarium24edusedusedueduseduedusedueduedusedu