In my previous post about htaccess based restriction i showed how to restrict wp-admin or other file/page access by IP address. That’s very good solution when we are using VPN static IP.
But if we are using multiple connections (office, home, caffee, or multiple VPN-s with different IP addresses), then we need to have some easier solution.
And that can be cookie-based permission. Let’s see how to do that.
First of all, open your regular browser, press ctrl+shift+I combination in order to open the browser console tab. And then put this code below there, press enter. (change some_key=some_value to your desired private key-value combination)
document.cookie = "some_key=some_value; expires=Thu, 18 Dec 2043 12:00:00 UTC; path=/";Here is how it should look like
Now let’s tell htaccess to restrict wp-login.php (you can change that filename to any URL slug for sure) for all visitors but the one who has newly set private cookie.
<Files wp-login.php>
RewriteEngine On
RewriteCond %{HTTP_COOKIE} !some_key=some_value;? [NC]
RewriteRule ^ https://YOURWEBSITE.COM [NC,L]
</Files>That’s all. Now nobody except you can access that file.
Great idea, thank you !