How can I create a private site that is inaccessible from the outside?

My security solutions so far:

WordPress

  • Make all new posts private (in WordPress)
  • Don’t use any modules, the more third party software I add the less secure the repo becomes
  • Two factor authentication ( this would break the no third party module rule above)

Apache

  • Force https (in .htaccess)
  • Protect web repository using .htpasswd (in .htpasswd)
  • Two factor authentication (not sure if it can be done on a server level? )
  • Allow access to server only from my country (in .htaccess)

Related Posts:

  1. Improve wordpress security by hiding non public resources
  2. Does this .htaccess security setting really work?
  3. File and directory permissions
  4. Using “wordpress_logged_in” to restrict direct access to uploads folder in 2021
  5. WordPress URL/Folder ReWrite using Htaccess
  6. Which WordPress scripts need to be executable for a fresh installation?
  7. Blocking access to wp-login via htaccess not working
  8. Attach to wp-login.php and xmlrpc.php
  9. XMLRPC filtering through htaccess not working
  10. Restricting user login by IP address
  11. WordPress: Adding Security
  12. How do I test to ensure that my wp-config file is protected?
  13. WordPress not seeing .htaccess rules
  14. Rules in .htaccess only if the requested URL is /wp-admin
  15. Disable directory browsing of uploads folder
  16. Strange behaviour of is_user_logged_in() and get_current_user_id()
  17. Selectively Disabling PHP via .htaccess in Root Directory
  18. Should I prevent access to .htaccess and wp-config.php files?
  19. Blocking wp-login in HTACCESS has also blocked password protected pages
  20. Basic Auth .htaccess on wp-login, but allow logout from woocommerce
  21. Using htaccess to prevent spam through wp-comments-post.php
  22. Restrict Content for only Contributors via .htaccess
  23. Allowing access to certain WordPress created pages or posts with htaccess / htpasswd
  24. Why is this line of code Wrong in every WordPress .Htaccess security article?
  25. How to redirect all HTTP requests to HTTPS
  26. Default .htaccess file for WordPress?
  27. Which one does WordPress prioritize when it comes to php.ini, wp-config and .htaccess?
  28. Security and .htaccess
  29. Protecting direct access to PDF and ZIP unless user logged in (without plugin)
  30. htaccess disable WordPress rewrite rules for folder and its contents
  31. How disable SSL redirect for specific URL?
  32. Which ways can be used to log in to WordPress?
  33. Why does the header set X-Robots-Tag apply to all pages?
  34. How to avoid wordpress permalink rules to inherit in a sub-folder
  35. How to change “wp-admin” to something else without search-replacing the core?
  36. Error:406 not acceptable
  37. .htaccess Rewrite URL WordPress
  38. A plugin changes my .htaccess file and I can’t access httpd.conf as that’s a shared server
  39. How can I code my plugin to safely modify .htaccess?
  40. HTAccess stops me from accessing WordPress Dashboard links
  41. Exclude subfolder from WP-redirect works with html but not php files
  42. .htaccess rewrite rule puzzle
  43. No option “I would like my site to be private, visible only to users I choose” in Privacy Settings
  44. Allow logged in users who doesn’t belong to whitelisted ips
  45. Best way to redirect site in subdirectory to root?
  46. Missing slash after moving site to subfolder
  47. WildCard SSL with wordpress subdomain
  48. htaccess – RewriteRule without redirect not working
  49. browser caching not disabled after disabling in .htaccess
  50. Transfer to HTTPS – mixed content on main page only [closed]
  51. Htaccess redirect after changing Language URL format
  52. Adding a SSL Certificate
  53. .htaccess Security Header Rules
  54. mod_rewrite loop, redirecting http to https on certain section of wordpress blog
  55. .htaccess in subdir gets ignored by WordPress’ own .htaccess in /
  56. blocking access to all post/tag URIs via htaccess
  57. What to write in the htaccess in order to detect browser language and point accordingly?
  58. Allow REST API over HTTP, the rest of the site forced to HTTPS
  59. .htaccess RewriteCond excluding directories does not work when there is an .htaccess or php.ini in subdirectory
  60. Separate 404 page for WordPress in subfolder
  61. Weird behavior of Dashboard, must be core files
  62. 404 error Additionally 403 Forbidden error on a URL
  63. Remove trailing slash after .html extension
  64. Does WP suppresses .htaccess if permalinks are disabled?
  65. WordPress .htaccess file gives issues with subdirectory
  66. W3 Total Cache CSS & JS files GZip issues [closed]
  67. WP Super Cache unable to locate cache file for only the homepage
  68. Local PC cache stays filled with old WordPress Site data
  69. How to have a custom URI path for specific page template
  70. WordPress JSON API restrict to specific domain
  71. Where to put W3 Total Cache rewrite rules in .htaccess? [closed]
  72. Htaccess rewrite based on query string, not working [closed]
  73. Redirect all subdomains to root domain
  74. Rewrite Rules not redirecting rewrite
  75. How do i allow access to a single file in my root directory? [closed]
  76. What’s the best way to manage a lot of 301 redirects in WordPress?
  77. Shared hosting, multiple sites, can’t log in to WP due to .htaccess redirection
  78. Htaccess maintenance page rules that actually work with WordPress?
  79. What causes 404 errors that forces you to rebuild a .htaccess file?
  80. How to set up MS Exchange Autodiscover alongside WordPress
  81. Xampp is not loading media
  82. PHP application in sub directory keeps redirecting to main site
  83. execute cron jobs when .htaccess login protected?
  84. Redirect WordPress site to a landing (construction) page using htaccess, with access to /wp-admin and /invoice
  85. change URIs of migrated site
  86. htaccess- to hide subdirectory slug only from the post
  87. Steps for WordPress over SSL
  88. Fixing Access-Control-Allow-Origin (CORS origin) for multiple subdomains
  89. insert_with_markers() WordPress & htaccess help
  90. .htaccess and virtual host configuration for WP in its own directory
  91. 403 forbidden due to .htaccess?
  92. Issue after changing permalink structure [duplicate]
  93. How to rename the WordPress wp-login.php running on IIS6?
  94. Where is the htaccess in wordpress.com hosting?
  95. Debug errors for “Destination directory for file streaming does not exist or is not writable”
  96. Url redirection using htacess for my website
  97. .htaccess seems to be required but I can not find it
  98. cant access website thru www only works on direct xyz.com
  99. Htaccess to redirect whole website to coming soon html page
  100. When accessing a wordpress blog, I want to force http when accessing wordpress via xmlrpc otherwise force https