[wp-hackers] Admin Login Brute Force Attacks (Revisited)

Daniel danielx386 at gmail.com
Sun May 19 23:35:59 UTC 2013


Or you could just set it (as long as you are the only person who needs to
log in and you got a static IP address) so that only 1 IP address can get
to that file.



On Mon, May 20, 2013 at 9:32 AM, Andrew Ozz <admin at laptoptips.ca> wrote:

> Another good prevention measure is to set a simple htaccess password (or
> equivalent) only for wp-login.php. Yeah, the users will have to enter two
> passwords when logging in (heh, pseudo 2-step authorization?), but the bots
> only hit Apache not getting to PHP at all. Works on most shared hosting and
> reduces server load.
>
> AuthType Basic
> AuthName "[whatever]"
> AuthUserFile "/path/to/.htpwd"
> <Files "wp-login.php">
> require valid-user
> </Files>
>
>
>
> ______________________________**_________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.**com <wp-hackers at lists.automattic.com>
> http://lists.automattic.com/**mailman/listinfo/wp-hackers<http://lists.automattic.com/mailman/listinfo/wp-hackers>
>


More information about the wp-hackers mailing list