I have a site running WordPress defined in a virtual host listening at port 80 (www.example.com
).
I want to stop people accessing /wp-admin and wp-login.php but to allow access when they look in a different port like www.example.com:8080/wp-admin
or www.example.com:8080/wp-login.php
I added some RewriteRules to show a 404 error page when they hit the site at port 80 and created a new virtual host for the same site that listens at port 8080 as follows:
<VirtualHost 192.168.3.20:80>
Options -Indexes +FollowSymlinks
RewriteEngine on
RewriteRule ^/wp-login.php /wp-content/themes/404.html [R=404,NC]
RewriteRule ^/wp-admin$ /wp-content/themes/404.html [R=404,NC]
DocumentRoot /var/www/html/wordpress
ServerName www.example.com
</VirtualHost>
<VirtualHost 192.168.3.20:8080>
DocumentRoot /var/www/html/wordpress
ServerName www.example.com
</VirtualHost>
It works well showing error 404 when accessing /wp-admin and wp-login.php. When accessing through www.example.com:8080/wp-admin
or www.example.com:8080/wp-login.php
, it shows the login page as expected, but after entering the credentials and pressing enter to continue, it shows me the error 404 page declared for the virtual host at port 80, and that is what I don't want and after a lot of testing I cannot avoid it.
Does anybody have an idea of how to solve it? Maybe I was trying a wrong approach to this?
Best Answer
I'm sorry to say that I'm afraid what you're trying is not possible with WordPress. In your site settings, you defined the URL where your WordPress lives -- http://www.domain.com/. WordPress, in compliance with W3C specifications, always implements its redirects using the full host name as provided in its settings, so when you log in and it verifies your credentials, it then redirects you to http://www.domain.com/wp-admin, regardless of whether you came in on port 80, port 8080, or port 56348. I ran into this same problem myself when trying to set up an exact mirror of my WP blog on a different port for testing theme and plugin development.
To add extra security to your site's admin pages, you can try a couple of things: