How to harden your WordPress by blocking brute force attempts on your wp-login.php
Mar 4th, 2015 | By admin | Category: Random Musings
So having the login page exposed publicly is nutso to me and because I run Wordfence (and gladly pay for it, which everyone should), I get to see how many brute force attempts are happening because it is constantly banning IPs for requesting forgotten passwords for accounts that don’t exist.
Well, today I got tired of receiving those notifications so I just set up a simple .htaccess/.htpasswd wall in front of my admin login by adding this to my .htaccess file:
    <FilesMatch "wp-login.php">
        # Ask for HTTP Basic credentials before WordPress handles the request
        AuthName "WordPress Admin"
        AuthType Basic
        # Replace /path/to with the directory that holds your password file
        AuthUserFile /path/to/.htpasswd
        require valid-user
    </FilesMatch>

Go to /path/to and type

    htpasswd -c ./.htpasswd username

enter the password, and voilà, no one's getting through. Let them try brute forcing that forever. It has the benefit of not loading any server assets or giving them any access to WordPress.
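A quick way to check that the wall is actually in place, as an added example that is not part of the original post: the script below audits an .htaccess file and its password file for the setup described above. The function names, the sample paths and the sample password entry are assumptions constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Constructed sample input: the block from the post with an assumed path,
# and a made-up password-file entry in the legacy {SHA} format.
SAMPLE_HTACCESS = '''
<FilesMatch "wp-login.php">
AuthName "WordPress Admin"
AuthType Basic
AuthUserFile /var/www/site/.htpasswd
require valid-user
</FilesMatch>
'''
SAMPLE_HTPASSWD = "admin:{SHA}AAAAAAAAAAAAAAAAAAAAAAAAAAA=\n"

BLOCK_RE = re.compile(r'<(Files(?:Match)?)\s+"?([^">]+)"?\s*>(.*?)</\1>', re.S | re.I)

def directive(body, pattern):
    """Find a directive on its own (uncommented) line inside the block body."""
    return re.search(r'^[ \t]*' + pattern + r'[ \t]*$', body, re.I | re.M)

def audit(htaccess, htpasswd, docroot):
    """Return a list of findings for the wp-login.php Basic-auth wall."""
    blocks = [m for m in BLOCK_RE.finditer(htaccess) if "wp-login" in m.group(2)]
    if not blocks:
        return ["wp-login.php is not covered by a <Files>/<FilesMatch> block"]
    body, findings = blocks[0].group(3), []
    if not directive(body, r'AuthType\s+Basic'):
        findings.append("AuthType Basic missing")
    if not directive(body, r'Require\s+valid-user'):
        findings.append("Require valid-user missing")
    path = directive(body, r'AuthUserFile\s+"?([^"\n]+?)"?')
    if not path:
        findings.append("AuthUserFile missing")
    elif PurePosixPath(docroot) in PurePosixPath(path.group(1)).parents:
        findings.append("password file is inside the document root")
    for line in filter(str.strip, htpasswd.splitlines()):
        user, _, digest = line.partition(":")
        if digest.startswith("{SHA}"):  # unsalted, fast to crack offline
            findings.append(f"{user}: unsalted SHA-1 entry, recreate with htpasswd -B")
        elif not digest.startswith(("$2y$", "$apr1$")):  # bcrypt / salted MD5 pass
            findings.append(f"{user}: crypt() or plaintext entry, recreate with htpasswd -B")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_HTACCESS, SAMPLE_HTPASSWD, "/var/www/site"):
        print("FINDING:", finding)
```

Basic auth sends the password with every request, so this wall only holds up when the login page is served over HTTPS.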