Protect MainWP dashboard site on subdomain?

What is the best method to protect my MainWP dashboard site? The site is on a separate subdomain and I have set up the following things:

  • in the root directory in my htaccess file I have access to wp-login.php limited to only my own ip address:
<Files wp-login.php>
	Order Deny,Allow
	Deny from all
	Allow from xxx.xx.0.0/16

Also added the following code to my htaccess:

# Block the include-only files.
<IfModule mod_rewrite.c>
Rewrite Engine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]

In addition, I installed the MainWP Dashboard Lock extension and redirected the frontend page of the MainWP website to the main domain, which contains my business website. After setting this extension up I noticed that mysubdomain/wp-admin.php is also redirecting to the redirect url I set up. Is that how it suposed to work?

I don’t think there is much left to do in this area? Or does anyone have any good tips?

I use MalCare security protection (with WAF) plus daily BlogVault backups, and this so far works very well.

1 Like

Correct, wp-admin.php is suppose to redirect, but /wp-admin/ should not.

Other than setting up Dashboard Lock, securing MainWP Dashboard is equivalent to securing any other WordPress installation, so follow the security practices as well as you can.

1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.