Wordpress Brute Force Attempts / Restrict wp-admin by IP Address

Default installations of wordpress do not include any brute force protection so it is strongly recommended to apply additional security steps to help combat this. You can read more about this problem direct from Wordpress here:


There are numerous security plugins available for wordpress which can assist, the most popular of which is called Wordfence: http://wordpress.org/plugins/wordfence/

You can also restrict access to the wordpress login area to certain IP's by adding the following to the .htaccess file found in the wordpress install directory:

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^111\.111\.111\.111$
RewriteRule ^(.*)$ - [R=403,L]

Replace with the actual IP address of the user whom should be allowed access. You can add multiple entries for the 'REMOTE_ADDR' section to allow numerous users.

In addition, you will need to keep wordpress completely up to date as exploits are found somewhat regularly and security updates are released often. You can read further information regarding securing wordpress here:


  • wordpress, web development, brute force
  • 2 Користувачі, які знайшли це корисним
Ця відповідь Вам допомогла?

Схожі статті

WordPress Form Mail via SMTP

WordPress Contact Form Mail via SMTP  Default WordPress settings use phpMail, an older...

utf8mb4 requires a newer client library error

While checking the WordPress ‘Site Health’ status page, you may see ‘utf8mb4 requires a newer...

WordPress Resources

Getting StartedWordPress Codex - New To WordPress - Where to StartWordPress Codex - First Steps...

Optimizing WordPress Sites

For a more general information on shared hosting resource limits, please refer to the following...

What Should I Do If I Receive a ‘Resource Limits Reached’ Error?

Why are there limits in place?Resource limits on shared servers are set and enforced with...