@jboesch
Created November 15, 2011 18:03
An added layer of security for accessing /wp-admin on your WordPress site
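<?php
// See if we're trying to access the wp-admin area, prompt for 2nd layer of security
// Once this authenticates, you'll be able to login again at the main /wp-admin area.
// This is to prevent bots poking at the WordPress login area. You can do other things to help
// secure your WordPress site, this is just one of them. See http://codex.wordpress.org/Hardening_WordPress
// USAGE: Drop the code below in wp-config.php
// NOTE: Basic auth sends the credentials base64-encoded, not encrypted, so serve the site over HTTPS.
// NOTE: Under CGI/FastCGI, PHP_AUTH_USER/PHP_AUTH_PW may not be populated; the check then fails closed.
if (stristr($_SERVER['PHP_SELF'], 'wp-login.php'))
{
    $user = 'someuser';
    $pass = 'somepass';
    $realm = 'Outworld (Mortal Kombat)';
    // Treat missing credentials as empty strings so a missing password cannot raise a notice.
    $given_user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
    $given_pass = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
    // hash_equals() compares in constant time and, unlike !=, does no loose numeric-string comparison.
    if (!hash_equals($user, $given_user) || !hash_equals($pass, $given_pass))
    {
        header('WWW-Authenticate: Basic realm="' . $realm . '"');
        header('HTTP/1.0 401 Unauthorized');
        die('Oh fuck off.');
    }
}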
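
The gate above depends on PHP filling in PHP_AUTH_USER and PHP_AUTH_PW and keeps the password in plaintext in wp-config.php. The following is an added example, not the gist author's code, showing the same check with a fallback that parses the raw Authorization header and with the password stored as a hash. The function names gate_credentials() and gate_allows() are hypothetical, and it assumes the web server is configured to forward the header as HTTP_AUTHORIZATION or REDIRECT_HTTP_AUTHORIZATION.

```php
<?php
// Added example, not the gist's code. gate_credentials() and gate_allows() are
// hypothetical names; the request arrays at the bottom are constructed samples.

// mod_php fills PHP_AUTH_*; CGI/FastCGI setups often expose only the raw
// Authorization header, and only when the web server is set to forward it.
function gate_credentials(array $server): ?array
{
    if (isset($server['PHP_AUTH_USER'], $server['PHP_AUTH_PW'])) {
        return [$server['PHP_AUTH_USER'], $server['PHP_AUTH_PW']];
    }
    $raw = $server['HTTP_AUTHORIZATION'] ?? $server['REDIRECT_HTTP_AUTHORIZATION'] ?? '';
    if (stripos($raw, 'Basic ') !== 0) {
        return null;
    }
    $decoded = base64_decode(trim(substr($raw, 6)), true); // strict mode rejects junk
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    return explode(':', $decoded, 2); // the password itself may contain ':'
}

// True only when user and password both match; only a hash of the password is stored.
function gate_allows(array $server, string $user, string $passHash): bool
{
    $creds = gate_credentials($server);
    if ($creds === null) {
        return false; // no usable credentials: fail closed
    }
    $userOk = hash_equals($user, $creds[0]);          // constant-time compare
    $passOk = password_verify($creds[1], $passHash);  // checks against the stored hash
    return $userOk && $passOk;
}

// Constructed samples. In wp-config.php you would paste a precomputed hash instead.
$hash = password_hash('somepass', PASSWORD_DEFAULT);
$requests = [
    'mod_php'  => ['PHP_AUTH_USER' => 'someuser', 'PHP_AUTH_PW' => 'somepass'],
    'fastcgi'  => ['HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('someuser:somepass')],
    'wrong pw' => ['HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('someuser:guess')],
    'no creds' => [],
];
foreach ($requests as $label => $server) {
    printf("%-8s %s\n", $label, gate_allows($server, 'someuser', $hash) ? 'allow' : '401');
}
```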