Forum Discussion
Per_Hagstrom
Nimbostratus
NimbostratusSimple WordPress login protection, using cookie insert
I'm trying to deny access to the default login page on our WordPress site, when going straight to the login page (/wp-login.php), by redirecting you to /access-denied. But if you know the "secret" pa...
Per_HagstromNimbostratus
NimbostratusAnd for anyone who might be interested in the iRule I created, here it is:
when HTTP_REQUEST {
if {[string tolower [HTTP::path]] equals "/secretpage"} {
set ckname "SecretCookie"
set ckvalue "1"
set cookie [format "%s=%s; path=/; domain=%s" $ckname $ckvalue ".domain.org"]
HTTP::respond 302 Location "https://[HTTP::host]/wp-login.php" "Set-Cookie" $cookie
}
if {[string tolower [HTTP::path]] contains "/wp-login.php" and (![HTTP::cookie exists "SecretCookie"])} {
HTTP::redirect "https://[HTTP::host]/restricted-access-page"
}
}
Tested it out, and it seems to work perfectly! And since the "/secretpage" doesn't exist on the web server, good luck to the pesky hackers trying to brute force the login page now! 🙂
/ Per