Results 1 to 17 of 17
  1. #1
    Join Date
    Jun 2013

    redirect wp-login to captcha


    Any ideas how to globally redirect wp-login to a customer page with a captcha that can then redirect back to the correct wp-login?

    Heart Internet have implemented this and works well.

  2. #2
    Join Date
    Feb 2006
    Kepler 62f
    That doesn't do anything for resources. It's not real security.
    Better is to block access to certain IP ranges.

    For example, how much legit traffic do you get from None, I bet.
    But you'll get lots of crap traffic.
    || Need a good host?
    || See my Suggested Hosts List || Editorial: EIG/Site5/Arvixe/Hostgator Alternatives

  3. #3
    The post by NetworkPanda is probably what you are looking for. This was used to thwart the massive wordpress bot net in April.

    webhostingtalk dot com/showthread.php?t=1255387&page=17

    (I dont have 5 posts so I cant post proper links.. sorry about that.)

    I still see bots attacking wordpress pages constantly so I frequently use this method for most of my VPS customers.

    Hope that helps!

  4. #4
    Join Date
    Mar 2003
    Moved > Hosting Security and Technology .
    Specially 4 You
    JoneSolutions.Com ( Jones.Solutions ) is on the net 24/7 providing stable and reliable web hosting solutions and services since 2001

  5. #5
    You can also install security plugins to protect your login page and Wordpress installation.
    || Web Hosting Blog - Web Hosting security & latest web hosting industry Announcements
    || Web Hosting Discussion - A Web Hosting community

  6. #6
    Join Date
    Jun 2013
    Mostly1 - Thansks this is great.

    looking to do this as a host for all sites rather than just one tho..

  7. #7
    I use cPanel on our servers and this method does effect all users on the server. All users will be effected as long as the login page is infact wp-login.php.

    Below is how I do it (sorry for any formatting issues with this.)

    First edit this file :

    Put this line AT THE TOP:

    Include "/usr/local/apache/conf/includes/wordpressprotect.conf"
    Then you need to copy this script into a file and run it: (example located in root)

    echo "Generating random username (6 alphanumeric characters)..."
    username=`cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 6 | head -n 1`
    echo "Generating two random numbers for math..."
    result=$(($n1 + $n2))
    echo "Creating and saving configuration file..."
    <LocationMatch \"wp-login.php\">\n
    AuthType basic\n
    AuthName \"WordPress attack protection CAPTCHA. Enter username: $username Password: The result of math $n1+$n2\"\n
    AuthUserFile /home/wp-admin-attack-htpasswd-file\n
    Require valid-user\n
    ErrorDocument 401 \"Authentication required\"\n
    echo -e $CONFFILE > /usr/local/apache/conf/includes/wordpressprotect.conf
    /bin/chmod 0755 /usr/local/apache/conf/includes/wordpressprotect.conf
    /bin/rm -f /home/wp-admin-attack-htpasswd-file
    /usr/local/apache/bin/htpasswd -bc /home/wp-admin-attack-htpasswd-file $username $result
    /bin/chmod 0755 /home/wp-admin-attack-htpasswd-file  
    echo "Restarting Apache..."
    /etc/init.d/httpd restart
    echo "All done!"

    Its the same script with comments removed and a shorter message displayed. Hope that helps. All credit goes to NetworkPanda.

  8. #8
    Join Date
    Jun 2013
    That's exactly what i was looking for! thank you!

  9. #9
    Join Date
    Jun 2013
    I guess this would also work if i did the same but for wp-admin.php aslo?

    so add

    Include "/usr/local/apache/conf/includes/wordpressprotectLOGON.conf"
    Include "/usr/local/apache/conf/includes/wordpressprotectADMIN.conf"

    and duplicate the accordingly?

  10. #10
    Join Date
    Jun 2013

    Just implemented this...

    When visiting wp-login.php, i see the new login prompt. but then when entinering the info and submitting i get :

    This webpage has a redirect loop

    any ideas?

  11. #11
    To my knowledge, there is no "wp-admin.php". wp-admin is a redirect to "wp-login.php"

    If you look at what the script is doing, its only going to bring up this message when visiting wp-login.php

    <LocationMatch \"wp-login.php\">

    It sounds to me like the another rule you have added is effecting the same file.

    If you wanted this to protect other files, you will need to add a separate set of parameters for each

  12. #12
    Join Date
    Jun 2013
    no your right! i noticed it redirects.. i only need as you described wp-login.php.

    but i keep getting this error from chrome:

    This webpage has a redirect loop

  13. #13
    Join Date
    Jun 2013
    [SOLVED] -

    Just to update.. I changed from DSO PHP handler to suPHP and this works like a charm.

    Would be nice to get it on a page with some nice CSS tho

  14. #14
    Join Date
    Jun 2013
    Do you need to add this to a CRON to have the random name and answer change as they always the same..?

  15. #15
    Join Date
    Jun 2013
    Sorry to bring this up again..

    This soulution does not work on iPhone, You cannot see nor use the login on iPhone.

    Does anyone have any ideas how to do this but have the captcha on a page rather than a popup auth box?

  16. #16
    Join Date
    Dec 2013
    Is there any way to protect wp-login.php for a shared or reseller host?

  17. #17
    Join Date
    Jun 2013
    I would also like a solution for this.

Similar Threads

  1. login redirect v1.31 script
    By civey in forum Programming Discussion
    Replies: 35
    Last Post: 12-18-2012, 11:59 AM
  2. Apache Authentication / Login with CAPTCHA
    By FINESEC in forum Other Offers & Requests
    Replies: 0
    Last Post: 10-30-2012, 04:55 PM
  3. Auto redirect to cpanel login
    By jfalconi in forum Web Hosting
    Replies: 17
    Last Post: 09-29-2012, 10:30 PM
  4. login redirect v1.31 script - Calling KMyers ;)
    By broken_paw in forum Programming Discussion
    Replies: 50
    Last Post: 07-27-2012, 03:08 PM
  5. login redirect v1.31
    By civey in forum Programming Discussion
    Replies: 0
    Last Post: 08-24-2011, 10:40 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts