Brute Force Login Attempts on WordPress Getting You Down?


Give them the proverbial finger.

With WordPress dominating a good 24-25% of the Internet’s website platform share, it should come as no surprise how commonly hackers target it. One of the oldest, and yet more effective, methods of compromising a website is to simply brute force your way through the authentication system.

Website users, heck, even website administrators (!) are lazy when it comes to creating strong website credentials. This isn’t because they lack the wherewithal — it is simply a matter of convenience. Eventually though, it will come as a lesson learned the hard way.

Below I’m going to share a simple, highly effective way of negating brute force login attempts on your WordPress websites. The short version: instead of trying to mitigate nefarious attacks one by one, block everyone, and then give yourself and/or your web admins access to the WordPress login page, restricted to their IP addresses.

For Linux web servers, we do this with rules in .htaccess. Open up that powerful .htaccess file located in the root of your website. Note: If it does not exist, then you most likely are not using permalinks on your WordPress website. You can manually create the file, just be sure to put a period in front of the file name. Like this: .htaccess

Now that we have the file opened, you’re going to want to copy/paste the code below into it. You can put it at the top of the file. You will need to modify the lines, don’t just use this “as is”. You have to put YOUR IP address into it, otherwise you’ll block yourself.

But but, what if they have a dynamic IP address?

If users have dynamic IP addresses, you can “allow from” an IP range.
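One way to write the rule described above, as an added example and not the author's original snippet. It assumes the login page is the stock wp-login.php; the addresses are documentation placeholders (203.0.113.10 for a single admin IP, 198.51.100.0/24 for a range) that you must replace with your own.

```apache
# Added example: restrict the WordPress login page to known addresses.
# Everyone not listed below receives 403 Forbidden for wp-login.php only;
# the rest of the site stays public.
<Files "wp-login.php">

    # Apache 2.4 and later (mod_authz_core).
    # Several "Require ip" lines are ORed: matching any one grants access.
    <IfModule mod_authz_core.c>
        # Single static address (placeholder)
        Require ip 203.0.113.10
        # Range in CIDR notation for admins on dynamic addresses (placeholder)
        Require ip 198.51.100.0/24
    </IfModule>

    # Apache 2.2, which uses the "allow from" syntax.
    # "Order deny,allow" evaluates Deny first, then lets Allow override it.
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
        # Single static address (placeholder)
        Allow from 203.0.113.10
        # Range in CIDR notation (placeholder)
        Allow from 198.51.100.0/24
    </IfModule>

</Files>
```

After saving, request wp-login.php from an address that is not listed and confirm you get a 403. If the site sits behind a reverse proxy or CDN, Apache sees the proxy's address rather than the visitor's, so the rule has to match the real client address that the proxy passes along.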

To learn more about IP ranges and blocks, this Wikipedia document will help.

Good luck and enjoy this easy way of blocking brute force attempts on your WordPress login page!

