- a main site with add on domains
- main site is plain HTML
- add on domains are all wordpress with login pages
- am using htaccess to restrict access to the login page based on IP address - works fine

- if "bad guy" goes to http://www.addon001.com/wp-login.php they get an error message
- if "bad guy" goes to http://addon001.mainsite.com/wp-login.php they can attempt to login (though wordfence limits to 2 attempts per IP per 2 hours) and, of course, I do not want this!

I created a redirect in mainsite's htaccess and that seems to work (see below)
Is that the best way and are there any "gotchas"?

thank you

<IfModule mod_rewrite.c>

RewriteEngine On

RewriteCond %{HTTP_HOST} ^addon001.mainsite.com$ [NC]
RewriteRule (.*) http://www.addon001.com/$1 [R=301,L]

RewriteCond %{HTTP_HOST} ^addon002.mainsite.com$ [NC]
RewriteRule (.*) http://www.addon002.com/$1 [R=301,L]