I am trying to use the .htaccess to secure my WordPress login. There are plenty of these out there and the most effective includes the addition of the following to htaccess: RewriteEngine on RewriteCond %{REQUEST_METHOD} POST RewriteCond %{HTTP_REFERER} !^http://(.*)?example\.com [NC] RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR] RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$ RewriteRule ^(.*)$ – [F] Code (markup): Here is my setback, i dont want the referrer to be the site, i want it to be my web server/plesk. There is a login link from each subscription that does some redirect magic and logs you in. I was hoping to make my server the referrer but cannot execute it. Any recommendations?
Does your web server/plesk have a url you could use? Have you tried changing (.*)?example\.com to (.*)?yourpleskdomain\.com? You could also use an ip 123\.456\.789\.323 I believe
I have tried that, also tried https, i simply can't get anything to work. when i click login from plesk the url looks like this, https://my.pleskdomain.com:8443/modules/wp-toolkit/index.php/domain/redirect/id/25 Code (markup): then redirects straight to wp-admin so its posting to the login somehow, i should be able to make this the referer somehow.