Now that you have the complete frontend that works independent of WordPress you can completely rid the PHP frontend of WordPress and use only as a backend.
#1 Security
Preventing access to wp-admin
and wp-login.php
by IP address and forbid access. This requires you to modify the .htaccess
file on your WordPress instance you need to add these rules.
Note, 10.0.0.1
should be replaced with your current IP if you need to allow access to multiple IP addresses if you have several authors then you need to add extra allow from 11.0.0.1
.
<Files wp-login.php>
order deny,allow
deny from all
allow from 10.0.0.1
</Files>
But if you are behind Cloudflare like me then the above configuration will not work you need to do something like this.
SetEnvIF CF-Connecting-IP "10.0.0.1" MySecretIP
<Files wp-login.php>
order allow,deny
allow from env=MySecretIP
</Files>
If you try going to your wp-admin
from another IP (test via mobile data) you will hit 403 Forbidden
.
#2 Ditching the WordPress frontend
The final step, getting rid of WordPress frontend, assuming you already have YOUR-DOMAIN
pointing to WordPress you might need to move to something like SUBDOMAIN.YOUR-DOMAIN
and have YOUR-DOMAIN
pointed to your Sapper frontend. Easiest way is to use any migration plugins to move to your subdomain so that you don't mess much with the delicate backend and if you have the WordPress.com
version then you will have an easier time with this because you can consume the APIs from your custom WordPress URL.
Also do not forget to change the API Endpoints on your .env
file.
Here is my repo. The trash
folder has the default blog of Sapper.
https://github.com/peopledrivemecrazy/Sapper-WordPress
Here is the Sapper version of the site https://sapper.anoram.com/
Top comments (0)