Overview
You can use this document to learn how to protect wp-login.php from unwanted IP addresses.
Based on the script's configurations, this process will deny access to wp-login.php to specified IP addresses. For example, if you have a blog with multiple authors, then you should not use this script.
Before you begin, you must enable serverless scripting for your stack. To learn more, see Enable Serverless Scripting and Create a Script.
View a sample script
In the following example, the route is: wp-login.php
Review the following sample script:
addEventListener('fetch', event => {
event.respondWith(fetchAndApply(event.request))
})
async function fetchAndApply(request) {
//Create an Array of whitelisted IP's that can login to WP
var whitelist = ["192.168.1.1", "192.168.1.2"];
//If client's IP is not in the whitelist deny access
if (!whitelist.includes(request.headers.get('x-sp-client-ip'))) {
return new Response('Access Denied',
{ status: 403, statusText: 'Forbidden' })
}
return fetch(request)
}
Access your script
You can access your script with any of the delivery domains on your account.
Based on the above example, you can access the script with: https://sitehash.stackpathcdn.com/wp-login