That’s not going to stop the spammer, IMHO. Spmmers don’t even use your comment form. They ‘scrape’ the form (maybe, not required), and ‘post’ via a CURL process that sends the form fields. They don’t even have to visit your site – all they need for a comment post is the post ID. And that … Read more
I need to make one folder private
This may not be completely WordPress related. But you may try a few suggestions mentioned on this thread.
Update htaccess in several WP sites at once
execute cron jobs when .htaccess login protected?
Here’s what I would do. USE AT YOUR OWN RISK Back up the files and MySQL Delete mvf.php Try editing .htaccess again and see if it works. You can also try opening the mvf.php and seeing what’s in there. You can also try installing a security plugin like WordFence to scan your site, but I’d … Read more
From the answer in Password protect a specific URL, we can reverse the condition. To quote his answer, You should be able to do this using the combination of mod_env and the Satisfy any directive. You can use SetEnvIf to check against the Request_URI, even if it’s not a physical path. You can then check … Read more
Unfortunately on wordpress.com hosted sites, the www is automatically removed. For self-hosted wordpress installs, there are several ways to do this. In .htaccess file using something like: Options +FollowSymlinks RewriteCond %{HTTP_HOST} !^(www\.|$) [NC] RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L] or set values for WordPress address and Site address in the WordPress Admin Dashboard: Settings > General or … Read more
Unfortunately a Password Protected post uses the wp-login.php file to process the password authentication for a post. So your Apache snippet of blocking all but those specific IPs is going to apply to anything that is password protected as well. You can get nerdy and read code. In here you can see that Post Password … Read more
Should I prevent access to .htaccess and wp-config.php files?