Top Nav

Block wp-login.php On Single Site In WordPress Multisite

Take the case where you have a WordPress multi-site with many domains pointing to a single virtual host. When the site gets hit with a wp-login.php attack you want to password protect the wp-login.php script but just for the targeted site … not for every site in the multisite.  Here’s the .htaccess rules to accomplish this:

We set an environment variable based on the Host header and then require login from requests with the matching environment variable.