Thanks to the recent rash of hacking attempts, we lost access to the Wordpress dashboard for aspiringmama.com. I attempted the recommended "Dynamic IP address access, limit by referer" solution given on this Inmotion Hosting page: http://www.inmotionhosting.com/support/edu/wordpress/lock-down-wordpress-admin-login-with-htaccess
... with no success. Still blocked.
Any advice or ideas?
This does not work for this site. I have made that ABUNDANTLY CLEAR.
Go ahead, try it.
I have asked Inmotion to look into it. Throwing the same failed solution back at me is not fixing the problem.
"I attempted the recommended "Dynamic IP address access, limit by referer" solution given on this Inmotion Hosting page: http://www.inmotionhosting.com/support/edu/wordpress/lock-down-wordpress-admin-login-with-htaccess
I am very sorry for the trouble with the back and forth on this. When I commented earlier I was addressing your previous comment, I see now in your original question though you stated the "Referer" method does not work.
The article in question gave several different .htaccess solutions. When we checked your .htaccess file, we saw more than one solution in there, which may be why the referer method you tried didn't initially work. We cleaned up the .htaccess to only include the "referer" method. This referer solution should work for you as it is not tied to any specific IP address, as we know your client's IP address changes regularly.
While it does appear to work, we don't have your login credentials so we cannot test fully. Please test again, and let us know the outcome. In order for us to diagnose the URI issue you explained earlier, we will need to test it and review any errors that occurs. We're really sorry for all this trouble you're going through, and want to see you get back up and running with a viable solution.
Was looking at the account with your domain and it appears that live tech support answered your question. Were you still having the issue? Please let us know if the problem still persists. Do be aware that the security issues are there due to the attacks on the Wordpress logins. Working with no security on the login may lead to issues that will compromise the site. Check out these articles for the latest information on the issue:
If you have any further questions, please contact technical support available 24 hours a day / 7 days a week.
The tech patched the problem by restricting logins to two fixed IP addresses. This is absolutely not workable for the site owner, for three reasons:
* She moves around a lot, as one would expect of a busy business owner;
* Her internet access will be changing shortly;
* She could well have dynamic IP allocation at home.
It was for these reasons that I didn't waste my time implementing fixed IP addresses as a "solution." It's not a solution; it's a kluge.
So, now we have four options:
* Continue to use fixed IP addresses and basically make her site inaccessible to her most of the time, hurting her business as a professional writer;
* Look into the low-lowel reasons that Wordpress can't handle restricting by URI when a site URI is mapped to child URI (and this is a known problem whose solution is beyond the access of the user);
* Remove the security filters in the .htaccess files and risk being hacked;
* Move the site away from Inmotion.
The first option isn't workable, Inmotion is aware of the second option and, to the best of my knowledge, has not acted on it, so we're left with the last two options. As Inmotion has noted, option three could well pull down or deface her site anyway. That leaves "Move the site."
It has been Inmotion's choice, not ours, to throw this back over the fence to me instead of looking into the deeper issue.