In this example we'll show you how to protect your wp-login.php from being accessed by unwanted IP's.
Note: This approach will deny access to wp-login.php to any IP not allowed in the script. This means if you have a popular blog with multiple authors this is not the script to use.
Create Script
Route: wp-login.php
Script contents:
addEventListener('fetch', event => {
event.respondWith(fetchAndApply(event.request))
})
async function fetchAndApply(request) {
//Create an Array of whitelisted IP's that can login to WP
var whitelist = ["192.168.1.1", "192.168.1.2"];
//If client's IP is not in the whitelist deny access
if (!whitelist.includes(request.headers.get('x-sp-client-ip'))) {
return new Response('Access Denied',
{ status: 403, statusText: 'Forbidden' })
}
return fetch(request)
}Accessing your Script
Once the above has been created, you can access your script using any of the delivery domains on your account. In my example, I can access this script with https://sitehash.stackpathcdn.com/wp-login.php