rewrite ^/rsit/(.*)$ /wp-login.php/$1 last;
location /wp-login.php { internal; }
above code not working no apache backend, i don’t want to use any plugin
Hello,
by default EE add a bruteforce protection on wp-login.php :
# Limit access to avoid brute force attack
location = /wp-login.php {
limit_req zone=one burst=1 nodelay;
include fastcgi_params;
fastcgi_pass php;
}
But you can also add a http auth to restrict access to wp-login.php page by adding
include common/acl.conf`
In the previous location directive. It will probably be more efficient than rewriting wp-login.php URL
Actually, IMHO, the best available choice right now is a plugin named WPS-Hide-Login.
The brute-force protection is kinda aggressive with legitimate users, frequently locking them out for no reason. I had lots and lots of troubles until I started to install and configure WPS Hide Login in every of my customers’ WPs