Wordpress Brute Force Attempts / Restrict wp-admin by IP Address

Default installations of wordpress do not include any brute force protection so it is strongly recommended to apply additional security steps to help combat this. You can read more about this problem direct from Wordpress here:

http://codex.wordpress.org/Brute_Force_Attacks

There are numerous security plugins available for wordpress which can assist, the most popular of which is called Wordfence: http://wordpress.org/plugins/wordfence/

You can also restrict access to the wordpress login area to certain IP's by adding the following to the .htaccess file found in the wordpress install directory:

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^111\.111\.111\.111$
RewriteRule ^(.*)$ - [R=403,L]
</IfModule>

Replace 111.111.111.111 with the actual IP address of the user whom should be allowed access. You can add multiple entries for the 'REMOTE_ADDR' section to allow numerous users.

In addition, you will need to keep wordpress completely up to date as exploits are found somewhat regularly and security updates are released often. You can read further information regarding securing wordpress here:

http://codex.wordpress.org/Hardening_WordPress

  • 2 Пользователи нашли это полезным
Помог ли вам данный ответ?

Связанные статьи

Optimizing WordPress Sites

For a more general information on shared hosting resource limits, please refer to the following...

How to start writing your first blog post in WordPress?

1. Login to your WordPress admin dashboard.2. Under the dashboard menu, hover your mouse on Posts...

How to install an SSL in DirectAdmin for your WordPress site

Once you have logged into your DirectAdmin control panel you will want to select the domain which...

How to Force Your Site to HTTPS

You can add the following code to your .htaccess file to force your site from HTTP to HTTPS....

How to Install WordPress on a subdomain Using Softaculous

Due to a DirectAdmin change within the structure of access to the subdomains, WordPress cannot be...