Wordpress Brute Force Attempts / Restrict wp-admin by IP Address

Default installations of wordpress do not include any brute force protection so it is strongly recommended to apply additional security steps to help combat this. You can read more about this problem direct from Wordpress here:

http://codex.wordpress.org/Brute_Force_Attacks

There are numerous security plugins available for wordpress which can assist, the most popular of which is called Wordfence: http://wordpress.org/plugins/wordfence/

You can also restrict access to the wordpress login area to certain IP's by adding the following to the .htaccess file found in the wordpress install directory:

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^111\.111\.111\.111$
RewriteRule ^(.*)$ - [R=403,L]
</IfModule>

Replace 111.111.111.111 with the actual IP address of the user whom should be allowed access. You can add multiple entries for the 'REMOTE_ADDR' section to allow numerous users.

In addition, you will need to keep wordpress completely up to date as exploits are found somewhat regularly and security updates are released often. You can read further information regarding securing wordpress here:

http://codex.wordpress.org/Hardening_WordPress

  • 2 användare blev hjälpta av detta svar
Hjälpte svaret dig?

Relaterade artiklar

How to remove multiple posts with a single click in WordPress?

It is possible to remove multiple post in your WordPress dashboard. You can also remove selected...

How to Install and Activate the Insecure Content Fixer Plugin

If you have installed an SSL on your site, but you are unable to see a green lock appear or your...

How to remove sample comments, posts on a new WordPress blog?

If you installed a fresh WordPress blog system on your website ,before writing new posts, you...

How to Update to the Latest Version of PHP in DirectAdmin

You can change the PHP Version on your sites at any time by logging in to your DirectAdmin...

WordPress Form Mail via SMTP

WordPress Contact Form Mail via SMTP  Default WordPress settings use phpMail, an older...