How to organize captcha stub for admin pages in WP, joomla, etc.?

O

Oleg Voitenko2017-01-24 14:12:58

Nginx

Oleg Voitenko, 2017-01-24 14:12:58

Tell me how to organize a redirect to a stub page with a captcha when visiting the uri /wp-login.php, /admin and other pages subject to brute force?
There are many sites with Joomla and vp on the server.
The task is as follows:
When entering the admin part, for example, WordPress, the user first sees a stub with captcha, after entering the captcha correctly, he goes directly to his /wp-login.php
, the stub page itself lies, for example, in
/www/services/captha.php this needs to be done at the server level, .htaccess is not suitable.
Many hosting sites have this.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

A

Artyom Lipovka, 2017-02-04
@OliverV

Author seocore like:

location ~* /(wp-login\.php|administrator|admin\.php) {
    set $humantest 0;
    if ($http_cookie !~* "humans=checktest") {
        set $humantest 1;
    }
    if ($args ~* (callback|logout|lostpassword)) {
        set $humantest 0;
    }
    if ($humantest = 1) {
        add_header Content-Type text/html;
        return 200 "<html><body><script>document.cookie='humans=checktest;path=/';location.reload();</script></body></html>";
    }
    error_page 404 = @fallback;
}

X

xmoonlight, 2017-01-24
@xmoonlight

php.net/manual/en/ini.core.php#ini.auto-prepend-file

if (!$_SESSION['captcha']) {
  header("Location: /captcha.php");
  die();
}