Protect MainWP dashboard site on subdomain?

What is the best method to protect my MainWP dashboard site? The site is on a separate subdomain and I have set up the following things:

  • In the root directory, in my htaccess file, I have access to wp-login.php limited to only my own IP address:
<Files wp-login.php>
	Order Deny,Allow
	Deny from all
	Allow from xxx.xx.0.0/16
</Files>

Also added the following code to my htaccess:

# Block the include-only files.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

In addition, I installed the MainWP Dashboard Lock extension and redirected the frontend page of the MainWP website to the main domain, which contains my business website. After setting this extension up I noticed that mysubdomain/wp-admin.php is also redirecting to the redirect URL I set up. Is that how it is supposed to work?

I don’t think there is much left to do in this area? Or does anyone have any good tips?

I use MalCare security protection (with WAF) plus daily BlogVault backups, and this so far works very well.

1 Like

Correct, wp-admin.php is supposed to redirect, but /wp-admin/ should not.

Other than setting up Dashboard Lock, securing MainWP Dashboard is equivalent to securing any other WordPress installation, so follow the security practices as well as you can.

1 Like
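
An added example, not part of the original thread: a simplified Python model of how mod_rewrite walks the "Block the include-only files" rules from the question, showing which paths get a 403 and how `[S=3]` skips the three wp-includes rules for every other path. It handles only the `!` negation and the `F` and `S=N` flags those rules use; the function name and sample paths are constructed for illustration.

```python
import re

# The rewrite rules from the question's .htaccess, as (pattern, flags).
RULES = [
    (r"^wp-admin/includes/", "F,L"),
    (r"!^wp-includes/", "S=3"),
    (r"^wp-includes/[^/]+\.php$", "F,L"),
    (r"^wp-includes/js/tinymce/langs/.+\.php", "F,L"),
    (r"^wp-includes/theme-compat/", "F,L"),
]

def denied_by(url_path, rules=RULES):
    """Return the index of the rule that answers 403, or None if the
    request passes this rule set (other directives may still deny it)."""
    # In .htaccess context patterns are matched without the leading slash.
    path = url_path.lstrip("/")
    skip = 0
    for index, (pattern, flags) in enumerate(rules):
        if skip:              # an earlier S=N is still skipping rules
            skip -= 1
            continue
        negate = pattern.startswith("!")
        matched = re.search(pattern[1:] if negate else pattern, path) is not None
        if matched == negate:  # rule does not apply to this path
            continue
        for flag in flags.split(","):
            if flag == "F":    # Forbidden: stop and return 403
                return index
            if flag.startswith("S="):
                skip = int(flag[2:])
    return None

# Constructed sample request paths.
SAMPLE_PATHS = [
    "/wp-admin/includes/update.php",
    "/wp-includes/version.php",
    "/wp-includes/js/tinymce/langs/wp-langs.php",
    "/wp-includes/theme-compat/header.php",
    "/wp-includes/js/jquery/jquery.js",
    "/wp-admin/admin-ajax.php",
    "/wp-login.php",
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        rule = denied_by(p)
        print(f"{p:45} {'403 (rule %d)' % rule if rule is not None else 'passes'}")
```

The skip count must equal the number of wp-includes rules that follow it; inserting another rule after the `S=3` line without raising the count would expose that rule to unrelated paths.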
