Protect your CMS Backoffice login without plugins

Problem:

You are working with a Wordpress or Joomla CMS and you need to protect your back-office login to avoid massive attacks or hacking, but you are not sure to use a plugin to do that, you are looking to know what are the page in the corresponding CMS to edit to add your own script.

Solution:

It's quite easy to protect your CMS back office, it depend of the CMS that you are working on, you can do this using a little script to avoid any access to the login screen.

The script is something like this one:

<?php
$vip = $_SERVER['REMOTE_ADDR'];
if ( ($vip!='92.239.116.139')  ) {
  echo "<div id='errmessage'>Forbbiden to:".$vip."</div>";
} 
?>

Now, you only need to add this lines of code to the following files, it depend of the site and/or page that you would like to protect.

With this script, only connections to your site from the choose IP will be able to access to your site, if your IP is not static, you will need to update this script or maybe use another one that use other check rather than the remote ip connected to the site.

Joomla:

• Frontoffice:  
  /httpdocs/templates/<yourtemplate>/index.php
• BackOffice:  
  /httpdocs/administrator/templates/<yourtemplate>/index.php

Wordpress:

• Login:  /httpdocs/wp-login.php

Can't access to wordpress multi-site wp-admin

Problem:

You have setup the standard Wordpress multi site configuration in Wordpress ( using "directories" not subdomains ) and create one or more sub sites; the problems is that when you try to access to the sub-site web view or sub-site wp-admin you get a 404 error and it's not possible to view the template styles files or login into the wp-admin to manage the sub site.

Solution:

you have to apply a different configuration in the .httpaccess file, just apply the next configuration:

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
# add a trailing slash to /wp-admin
RewriteRule ^wp-admin$ wp-admin/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^(.*\.php)$ $1 [L]
RewriteRule . index.php [L]

Source:

Wordpress httaccess Support:
https://wordpress.org/support/article/htaccess/

index.php in wordpress friendly url

 Problem:

After the automatic installation using a word press template installation wizard, you see that the permanent links have the "index.php" in the friendly url; you need to remove index.php from friendly url.

Solution:

To fix this problem you have to go to settings, permanent links, custom structure, there you will se something like this:

index.php/%year%/%month%/%day%/%postmark%/

You only need to change it like this:

/%year%/%month%/%day%/%postmark%/