Title: Pre-login hook for filtering code
Last modified: August 24, 2016

---

# Pre-login hook for filtering code

 *  [Another Guy](https://wordpress.org/support/users/another-guy/)
 * (@another-guy)
 * [11 years, 1 month ago](https://wordpress.org/support/topic/pre-login-hook-for-filtering-code/)
 * I have a routine that I have installed on WordPress sites which filters out incoming
   requests for things like wp-login, /wp-admin, and so on. The code runs BEFORE
   any of the WordPress core, to limit server load from undesirables who may be 
   trying to access the site. I created this code because any site that operates
   with something like Cloudflare or other similar systems is generally not able to
   filter by htaccess.
 * I add the code in at line 10 of wp-login, as an example, and can redirect or 
   decline people trying to log in from places and IPs that I do not accept to access
   the admin area. It greatly cuts down on the brute force attacks on the server.
 * For the moment, I have to manually re-add the code during every version update,
   because there is no hook point within WordPress to handle this. Is there a way
   to have WordPress check for the existence of a “security.php” or whatever file
   which could be used to help cut down on unwanted attempts to access the core?
 * Remember, not everyone can filter with htaccess (for different reasons).

Viewing 5 replies - 1 through 5 (of 5 total)

 *  Thread Starter [Another Guy](https://wordpress.org/support/users/another-guy/)
 * (@another-guy)
 * [11 years, 1 month ago](https://wordpress.org/support/topic/pre-login-hook-for-filtering-code/#post-6115353)
 * Why was this moved to “troubleshooting”? There is no “trouble” to shoot, this
   is a request and feedback.
 *  Moderator [Jan Dembowski](https://wordpress.org/support/users/jdembowski/)
 * (@jdembowski)
 * Forum Moderator and Brute Squad
 * [11 years, 1 month ago](https://wordpress.org/support/topic/pre-login-hook-for-filtering-code/#post-6115355)
 * It was moved because it appeared that you were asking for help for something
   on your installation.
 * [https://wordpress.org/support/topic/wheres-my-topic-gone?replies=1](https://wordpress.org/support/topic/wheres-my-topic-gone?replies=1)
 * You discussed something that you are doing on your own installations.
 * > I have a routine that **I have installed on WordPress sites** which filters
   > out incoming requests for things like wp-login, /wp-admin, and so on.
 * Here’s where you discuss the modifying of core WordPress files.
 * > I add the code in at line 10 of wp-login
 * And here’s where you ask about doing it in a better way.
 * > For the moment, I have to manually re-add the code during every version update,
   > because there is no hook point within WordPress to handle this. Is there a 
   > way to have WordPress check for the existence of a “security.php” or whatever
   > file which could be used to help cut down on unwanted attempts to access the
   > core?
 * Which is why I’m moving this to the Hacks sub-forum. There is almost certainly
   a way to do what you wish to accomplish without hacking WordPress that way. Perhaps
   someone will chime in on the Hacks sub-forum.
 * **Edit:** If you would like to submit a patch then I am sure that will be reviewed
   too.
 * [https://core.trac.wordpress.org/](https://core.trac.wordpress.org/)
 *  Thread Starter [Another Guy](https://wordpress.org/support/users/another-guy/)
 * (@another-guy)
 * [11 years, 1 month ago](https://wordpress.org/support/topic/pre-login-hook-for-filtering-code/#post-6115448)
 * I have looked and I cannot find a way. Any point beyond the first few lines into
   wp-login or /admin/index.php invokes the actual site installation, starts up 
   the database connection, and a whole bunch of other things – and no plugin can
   really run before that.
 * Asking for a better way is a request and suggestion that there needs to be a 
   hook (say executing a file called “pre-login.php”) before every access, and any
   code the end user desires can run inside that file without having to hack WordPress
   to do it.
 * Basically, there is no way (save for htaccess, which is not always possible to
   use) to deal with login attempts BEFORE anyone accesses code. For site operators
   who only update from a single location, or only have a limited number of people
   working on their site, it would be very beneficial to be able to have a simple
   way to limit access by country / IP / whatever other items without first having
   to completely start up a WordPress session.
 * htaccess is not always available or not always the best tool for the job here.
   Services such as Cloudflare and other caching services make it harder to use 
   htaccess. Some people may not have access to it.
 *  [Jon (Kenshino)](https://wordpress.org/support/users/kenshino/)
 * (@kenshino)
 * Lord Jon
 * [11 years ago](https://wordpress.org/support/topic/pre-login-hook-for-filtering-code/#post-6115472)
 * What setups don’t have .htaccess or its equivalent?
 *  Thread Starter [Another Guy](https://wordpress.org/support/users/another-guy/)
 * (@another-guy)
 * [11 years ago](https://wordpress.org/support/topic/pre-login-hook-for-filtering-code/#post-6115475)
 * Jon, if you are using Cloudflare or similar services, you cannot use htaccess 
   to block people (or permit access) because the IP address shown is a shared Cloudflare
   address, not the end user address. You can obtain the address in PHP, for example,
   but not at the htaccess level.
 * You could also do a fairly advanced filtering in PHP that isn’t as easy to set
   up in htaccess, such as browser type, language, and so on. Yes, it can be done
   in htaccess, but I can tell you it’s 1000 times easier to get it right in PHP
   than it is to write a proper regex for htaccess.
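
The point made in the last reply (behind Cloudflare the web server sees a shared proxy address, while PHP can recover the visitor's address), as an added example that is not code from this thread: a filter that runs before WordPress and trusts the `CF-Connecting-IP` header only when the connection comes from a listed proxy range. The CIDR ranges are constructed placeholders and the function names are hypothetical.

```php
<?php
// Added example, not code from the thread. Ranges are constructed placeholders
// (RFC 5737 documentation networks); function names are hypothetical.
const TRUSTED_PROXIES = ['198.51.100.0/24']; // your CDN's published egress ranges
const ALLOWED_CLIENTS = ['203.0.113.0/28'];  // networks allowed to reach wp-login

// True if $ip is inside $cidr (IPv4 or IPv6); false on anything unparsable.
function ip_in_cidr(string $ip, string $cidr): bool {
    [$net, $len] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // bad input or mixed address families
    }
    if ($len !== null && !ctype_digit($len)) { return false; } // malformed prefix
    $bits = ($len === null) ? strlen($ipBin) * 8 : (int) $len;
    if ($bits > strlen($ipBin) * 8) { return false; }
    $bytes = intdiv($bits, 8);
    if (substr($ipBin, 0, $bytes) !== substr($netBin, 0, $bytes)) {
        return false;
    }
    $rem = $bits % 8;
    if ($rem === 0) { return true; }
    $mask = (0xFF << (8 - $rem)) & 0xFF; // compare only the leading $rem bits
    return (ord($ipBin[$bytes]) & $mask) === (ord($netBin[$bytes]) & $mask);
}

function in_any(string $ip, array $cidrs): bool {
    foreach ($cidrs as $cidr) {
        if (ip_in_cidr($ip, $cidr)) { return true; }
    }
    return false;
}

// Honour CF-Connecting-IP only when the TCP peer is a trusted proxy; a client
// connecting directly to the origin can put any value in that header.
function client_ip(array $server): string {
    $peer = $server['REMOTE_ADDR'] ?? '';
    $hdr  = trim($server['HTTP_CF_CONNECTING_IP'] ?? '');
    $ok   = in_any($peer, TRUSTED_PROXIES) && filter_var($hdr, FILTER_VALIDATE_IP);
    return $ok ? $hdr : $peer;
}

// Runs before any WordPress code; fails closed if no address can be resolved.
if (PHP_SAPI !== 'cli' && basename($_SERVER['SCRIPT_NAME'] ?? '') === 'wp-login.php'
    && !in_any(client_ip($_SERVER), ALLOWED_CLIENTS)) {
    http_response_code(403);
    exit;
}
```

PHP's `auto_prepend_file` ini setting is one way to run such a file ahead of wp-login.php without editing core.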


The topic ‘Pre-login hook for filtering code’ is closed to new replies.

 * In: [Hacks](https://wordpress.org/support/forum/plugins-and-hacks/hacks/)
 * 5 replies
 * 3 participants
 * Last reply from: [Another Guy](https://wordpress.org/support/users/another-guy/)
 * Last activity: [11 years ago](https://wordpress.org/support/topic/pre-login-hook-for-filtering-code/#post-6115475)
 * Status: not resolved

