Stopping brute force attacks
-
Hi there,
I’ve been having trouble for a number of months with brute force attacks on my website, which I’m currently monitoring with the Limit Login Attempts plugin.
Initially I was manually blocking IP addresses in the htaccess file, but this was becoming tedious with IP addresses being locked out daily.
I’ve taken the decision to block ALL IP addresses apart from my own from the wp-login.php page using the following code in the htaccess file:
<IfModule mod_rewrite.c> RewriteEngine on RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR] RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$ RewriteCond %{REMOTE_ADDR} !^XXX\.XXX\.XXX\.XX$ ErrorDocument 403 /blocked.php RewriteRule ^(.*)$ - [R=403,L] </IfModule>However, I am still getting lockouts daily!
Are there any suggestions for stopping IP addresses from trying to access my website through the wp-login page?Thanks
Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
The topic ‘Stopping brute force attacks’ is closed to new replies.