Free Ways to Help Secure Your Law Firm’s Website

Blocking IPs

When using Wordfence's firewall, I immediately block IP addresses that attempt going to these pages:

  • /xmlrpc.php
  • /wp-login.php

.htaccess File

Here's the code:

# BEGIN WordPress
# The directives (lines) between "BEGIN WordPress" and "END WordPress" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-SSL} !on
RewriteCond %{HTTP_HOST} ^lawventure\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.lawventure\.com$
RewriteRule ^/?$ "https\:\/\/lawventure\.com\/" [R=301,L]

# BEGIN protect xmlrpc.php
<files xmlrpc.php>
order allow,deny
deny from all
</files>
# END protect xmlrpc.php


 Mark lesson complete
  • Nisan@zaghilaw.com says:

    Hi Jarrett,

    Could you please share the code used to modify .htaccess?

    Thanks,
    Nisan

    • {"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}
    >