From apache documentation at:
httpd.apache.org/docs/2.4/howto/access.html
” The Allow, Deny, and Order directives, provided by
mod_access_compat, are deprecated and will go away in a future
version. You should avoid using them, and avoid outdated tutorials
recommending their use.”
So, a more future-proof answer would be:
Require ip xx.xx.xx.xx yy.yy.yy.yy
Cheers,
Tony
On 19/10/2017, Michael Pedersen via kictanet
<[email protected]> wrote:
> For those who have asked here is the more technical details of how I set
> this up (It’s really just a quick hack).
>
> 1. inside the wp-admin folder I have a .htaccess file which forbids
> access from almost every IP – something similar to:
>
> Order deny,allow
> Deny from all
> Allow from 41.212.36.170
>
> 2. Within the main web-root I have a file (see attached php code) in
> this example it’s called “kictWP.php”. When I need access to the admin I
> then simply goto www.mydomain.com/kictWP.php – enters my
> “secret” password – this then updates the .htaccess file so wp-admin can
> be accessed from my curent IP.
>
> Thats it really..
>
> Regards
> Fundi-Mike
>
>
> On 10/18/17 12:02 PM, anyega jefferson via kictanet wrote:
>> thats a fascinating fix , Michael, please share a resource i can read
>> on to learn how to do that,
>>
>> Thank you.
>>
>> On Wed, Oct 18, 2017 at 11:47 AM, Michael Pedersen via kictanet
>> <[email protected] <mailto:[email protected]>>
>> wrote:
>>
>> I agree with George’s sentiment on wordpress security – I have had
>> the (un)pleasant experience of helping/cleaning several wordpress
>> setups which had been hacked.
>>
>> That said I am sure the pro’s and con’s was considered when the
>> choice of CMS was made.
>>
>> In my experience many attacks on wordpress is targeted on the
>> /wp-admin/ folder, and making that inaccessible to all but
>> explicitly white-labeled IP’s seems to remove a lot of grief.
>>
>> I am personally running only one wordpress installation which has
>> no (customer) critical data and hosted on a separate hosting
>> setup. On that setup the admin can on be access from one specific
>> IP – but you can access a custom (non wordpress based) system to
>> change the current allowed IP to whichever IP you are currently on.
>> It takes 30seconds extra to login/access the admin but in my
>> opinion it reduces a lot of problems.
>>
>> ..
>> Mike
>>
>>
>> On 10/15/2017 11:29 PM, george sidney ralak via kictanet wrote:
>>> I like some of the responses to my questions. Still, I have to
>>> wonder, was security even considered before going for WP, which
>>> is one of the most targeted by hackers.
>>>
>>> When considering time and cost, I might consider WP, but then, do
>>> you consider extra plugins that you might have to purchase, how
>>> about updating issues.
>>>
>>> Also, I believe the client has the right to be specific with what
>>> they want. I just found it ironic that KICTANet, the platform
>>> with people and institutions in Technology in the country uses
>>> wordPress.
>>>
>>> As to the websites that use WordPress, not one of these sites
>>> uses WP out of the box – there is considerable custom development
>>> to make these sites work the way they do, development costing a
>>> lot of money. Those sites are not ‘wordpressbeginner’ grade.
>>>
>>>
>>> On Sun, Oct 15, 2017 at 9:19 PM, Odhiambo Washington via kictanet
>>> <[email protected]
>>> <mailto:[email protected]>> wrote:
>>>
>>> +1
>>>
>>> The choice of a CMS or an OS, is purely personal to a
>>> developer or a SysAdmin. From where I sit, it’s not
>>> questionable unless STRICTLY specified by a client.
>>>
>>> On 15 October 2017 at 09:05, Ali Hussein via kictanet
>>> <[email protected]
>>> <mailto:[email protected]>> wrote:
>>>
>>> George
>>>
>>> On the question of why WordPress?
>>>
>>> First it’s an open source Content Management System
>>> (CMS), its free to install, deploy, and upgrade. Then it
>>> has thousands of plugins and templates that power a
>>> flexible and simple interface, which reduces development
>>> costs and deployment time. The dev team was also informed
>>> by the fact that millions of websites use WordPress. Some
>>> of he most notable brands that use WordPress include
>>> Microsoft and Bloomberg. See link below:-
>>>
>>>
>>> www.wpbeginner.com/showcase/40-most-notable-big-name-brands-that-are-using-wordpress/
>>>
>>>
>>>
>>> Hope this answers your question or concerns?
>>>
>>> *Ali Hussein*
>>> *Principal*
>>> *Hussein & Associates*
>>> +254 0713 601113
>>>
>>> Twitter: @AliHKassim
>>>
>>> Skype: abu-jomo
>>>
>>> LinkedIn: ke.linkedin.com/in/alihkassim
>>>
>>>
>>>
>>> “We are what we repeatedly do. Excellence, therefore, is
>>> not an act but a habit.” ~ Aristotle
>>>
>>>
>>> Sent from my iPad
>>>
>>> On 14 Oct 2017, at 1:23 PM, george sidney ralak via
>>> kictanet <[email protected]
>>> <mailto:[email protected]>> wrote:
>>>
>>>> Looks great.
>>>>
>>>> A few issues though. Quick links on the footer are not
>>>> really leading someone anywhere.
>>>>
>>>> And a question: Why WordPress?
>>>>
>>>> On Fri, Oct 13, 2017 at 6:11 PM, Francis Monyango via
>>>> kictanet <[email protected]
>>>> <mailto:[email protected]>> wrote:
>>>>
>>>> I love it. Looks really good.
>>>>
>>>> On 13 October 2017 at 16:55, Keith Andere via
>>>> kictanet <[email protected]
>>>> <mailto:[email protected]>> wrote:
>>>>
>>>> Liz,
>>>>
>>>> Mobile optimization is fantastic. Looks fresh
>>>> and easy to navigate.
>>>>
>>>> Barrack and team, cheers!
>>>>
>>>> Regards,
>>>>
>>>> Keith
>>>>
>>>>
>>>> Please consider the environment before printing
>>>> this e-mail.
>>>>
>>>> On 13 Oct 2017 01:03, “anyega jefferson via
>>>> kictanet” <[email protected]
>>>> <mailto:[email protected]>> wrote:
>>>>
>>>> Great job, looks good,
>>>>
>>>> On Thu, Oct 12, 2017 at 11:55 PM, Liz Orembo
>>>> via kictanet <[email protected]
>>>> <mailto:[email protected]>> wrote:
>>>>
>>>>
>>>> Dear listers,
>>>>
>>>> Greetings,
>>>>
>>>> KICTANet has just finished working on
>>>> the first phase of the new website and
>>>> would now like to invite you to give
>>>> comments/suggestions. Especially on how
>>>> it can serve as an ICT policy engagement
>>>> platform and as an Information resource
>>>> for stakeholders.
>>>>
>>>> Here’s the link:
>>>> www.kictanet.or.ke/.
>>>>
>>>> send your comments either on/offlist, or
>>>> on the website itself.
>>>>
>>>> KICTANet owes a lot to the brilliant
>>>> team that worked on this website (Amos
>>>> Ochieng from pixels Kenya, Barrack
>>>> Otieno, Mike Musya and Washington
>>>> Odhiambo) Special thanks to Washington
>>>> who developed and maintained the old
>>>> website from the early days of the network.
>>>>
>>>> As always, we thank you for your
>>>> continued feedback and we hope you will
>>>> enjoy the new look and feel.
>>>>