[wp-hackers] Admin Login Brute Force Attacks (Revisited)
Andrew Ozz
admin at laptoptips.ca
Sun May 19 23:32:31 UTC 2013
Another good prevention measure is to set a simple htaccess password (or
equivalent) only for wp-login.php. Yeah, the users will have to enter
two passwords when logging in (heh, pseudo 2-step authorization?), but
the bots only hit Apache, not getting to PHP at all. Works on most shared
hosting and reduces server load.
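
    # Basic auth settings; the password file should live outside the web root
    AuthType Basic
    AuthName "[whatever]"
    AuthUserFile "/path/to/.htpwd"
    # Require a valid user only for the login script
    <Files "wp-login.php">
        require valid-user
    </Files>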
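
An added example, not part of the original post: a check over Apache access-log lines that shows whether the rule above is in effect, by separating wp-login.php requests stopped at Apache (401) from those that passed Basic auth and those that reached PHP with no Basic auth user. It assumes the common/combined log format; the sample lines, addresses and user name are constructed.

```python
import re

# Prefix of Apache's common/combined log format:
# host ident user [time] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def classify(line):
    """Return 'blocked', 'authenticated', 'unprotected', or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m.group("path").split("?", 1)[0]
    if not path.endswith("/wp-login.php"):
        return None
    status, user = m.group("status"), m.group("user")
    if status == "401":
        # Apache refused the request; PHP never ran. The user field is
        # not trustworthy on a 401, so status is checked first.
        return "blocked"
    if user != "-":
        return "authenticated"   # Basic auth passed, request went on to PHP
    if status[0] in "23":
        return "unprotected"     # served with no Basic auth user: rule not applied
    return None                  # other errors (403, 404, 5xx) are not judged here

def summarize(lines):
    counts = {"blocked": 0, "authenticated": 0, "unprotected": 0}
    for line in lines:
        kind = classify(line)
        if kind:
            counts[kind] += 1
    return counts

# Constructed sample log lines (documentation IP ranges, made-up user name).
SAMPLE = [
    '203.0.113.7 - - [19/May/2013:23:10:01 +0000] "POST /wp-login.php HTTP/1.1" 401 381 "-" "bot"',
    '203.0.113.7 - - [19/May/2013:23:10:02 +0000] "POST /wp-login.php HTTP/1.1" 401 381 "-" "bot"',
    '198.51.100.4 - editor [19/May/2013:23:11:40 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '192.0.2.55 - - [19/May/2013:23:12:05 +0000] "GET /wp-login.php?action=register HTTP/1.1" 200 2210 "-" "bot"',
    '192.0.2.55 - - [19/May/2013:23:12:09 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "bot"',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Any non-zero "unprotected" count means some requests to wp-login.php are being served without the Basic auth challenge, for example from a vhost or directory where the .htaccess rule is not applied.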