123 Reg Support

Block common WordPress attacks

This article will explain how to block common brute force attacks on WordPress systems.

There are two files that are frequently used for these attacks:

  • php
  • wp-login.php

To stop a xmlrpc attack, we recommend that you install the Disable XML-RPC plugin and add the following code to your .htaccess file:

 <Files xmlrpc.php>
Order Allow,Deny
Deny from all
</Files>

 

To stop a wp-login.php attack, we recommend that you install the Limit Login Attempts Reloaded plugin and add the following code to your .htaccess file:

<Files wp-login.php>
order deny,allow
allow from xx.xxx.xx.xxx
deny from all
</Files>

This will ensure that only people with a specific IP address can access your WordPress login page. Be sure to change xx.xxx.xx.xxx to your IP address.