What is the best method to protect my MainWP dashboard site? The site is on a separate subdomain and I have set up the following things:
- in the root directory in my htaccess file I have access to wp-login.php limited to only my own ip address:
<Files wp-login.php>
Order Deny,Allow
Deny from all
Allow from xxx.xx.0.0/16
</Files>
Also added the following code to my htaccess:
# Block the include-only files.
<IfModule mod_rewrite.c>
Rewrite Engine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
In addition, I installed the MainWP Dashboard Lock extension and redirected the frontend page of the MainWP website to the main domain, which contains my business website. After setting this extension up I noticed that mysubdomain/wp-admin.php is also redirecting to the redirect url I set up. Is that how it suposed to work?
I don’t think there is much left to do in this area? Or does anyone have any good tips?