themactep.com

A home of miscellaneous projects by Paul Philippov.

Notes

  1. Homepage
  2. Notes

How to enforce SSL access and secure WordPress installation

<VirtualHost *:80>
  ServerName domain.tld
  ServerAlias www.domain.tld

  RewriteEngine On 
  RewriteCond %{HTTPS} !=on 
  RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</VisrtualHost>

<VirtualHost *:443>
  ServerName domain.tld
  ServerAlias www.domain.tld
  ServerAdmin admin@domain.tld
  DocumentRoot /path/to/siteroot

  <Directory /path/to/siteroot>
    AllowOverride all
    Require all granted

    <Files "wp-login.php">
      Require all denied
      Require ip <YOUR_STATIC_IP>
    </Files>
  </Directory>

  <Location "/wp-admin/">
    Require all denied
    Require ip <YOUR_STATIC_IP>
  </Location>

  CustomLog /path/to/log/ssl-access.log combined
  CustomLog /path/to/log/ssl.log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
  ErrorLog /path/to/log/ssl-error.log
  LogLevel warn

  SSLEngine on
  SSLCertificateFile /path/to/ssl/domain_tld_tree.crt
  SSLCertificateKeyFile /path/to/ssl/domain_tld.key
</VirtualHost>