If your WordPress blog or website has been hacked numerous times and you have followed all of the tips on securing it, there is one other thing you can do: limit which IPs (i.e. computers/internet connections) can log in to your WordPress admin panel. Recently there has been a rash of brute-force login attacks on WordPress blogs and websites. Even unsuccessful login attempts can be detrimental to your website by causing heavy server load, perhaps necessitating a server reboot and leaving your website offline for a bit. And a successful login can really mess up your website.
Here’s how to do it:
Add these lines to the existing .htaccess file in your WordPress directory, or create a .htaccess file if you don’t have one yet. (If you are using WordPress integrated with UltimateWB, you will already have a .htaccess file in your WordPress directory.) This example limits which IPs can reach WordPress’s login page. The file name “wp-login.php” can be changed to any file that may be at risk of being targeted for brute-force attacks.
WordPress .htaccess Location: /wordpressdirectory/.htaccess file:
examples:
/httpdocs/ (root directory installations of WordPress)
/wordpress/
/blog/
…etc.
Lines to add:
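<FilesMatch "^wp-login\.php$">
# With Order Allow,Deny, any client not matched by an Allow line is denied
Order Allow,Deny
# Replace with YOUR IP
Allow from 123.123.123.123
# Additional lines can be added for multiple IP access
#Allow from 123.123.123.121
# Leave "Deny from all" commented out: with this Order it would override the Allow lines
#Deny from all
</FilesMatch>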
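The Order/Allow lines above are Apache 2.2 syntax; on Apache 2.4 they only work if mod_access_compat is loaded. The following version-portable variant is an added example, not part of the original post, and its IP addresses are placeholders from the documentation ranges that you must replace with your own:

```apache
# Restrict wp-login.php to known addresses on both Apache 2.2 and 2.4.
# Assumption: .htaccess overrides are enabled for this directory
# (AllowOverride AuthConfig for Require, Limit for Order/Allow/Deny).
<Files "wp-login.php">
    <IfModule mod_authz_core.c>
        # Apache 2.4+: anything not listed here receives 403 Forbidden.
        # Single address (placeholder):
        Require ip 203.0.113.10
        # A whole office range in CIDR notation (placeholder):
        Require ip 198.51.100.0/24
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2: deny everyone first, then let listed addresses back in.
        Order Deny,Allow
        Deny from all
        Allow from 203.0.113.10
        Allow from 198.51.100.0/24
    </IfModule>
</Files>
```

After saving, request wp-login.php from a connection that is not on the list and confirm the server answers 403 Forbidden before relying on the rule.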
Easy! Contact us if you have any questions, or post a comment here.