Protect Your Blogs From Login Brute Force Attacks

[Bec]

I have had a couple of times where my server was brought to its knees because of brute force attacks on my blogs. Last week there was one that targeted the wp-login.php. While natnet put in a security measure for me, some of you may want access to the htaccess code to protect your own blogs.

You can get the code and setup information here: compliments of BulletProofSecurity. Can't say I recommend the plugin they have, (I've tried to set up the plugin, but it isn't a simple click click and done) .... but that code can save you some grief.

[dirtyratstudios]

I believe this will do it if put in an .htaccess file in the wp-admin directory. It prevents them from loading the log in page.

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Example Access Control"
AuthType Basic
<LIMIT GET>
order deny,allow
deny from all

allow from YOUR.IP.ADDRESS.HERE

</LIMIT>

[Bec]

Thanks for that .htaccess blocking method! And to clarify, it does go in the wp admin directory and not in the root correct?

[dirtyratstudios]

Yes it goes in the wp-admin folder.

If you have a dynamic IP where the last part of the address changes regularly, you could just put the first part like this:

allow from 46.64.