This article explains how to block common brute-force attacks on WordPress systems.
There are two files that are frequently used for these attacks:
- xmlrpc.php
- wp-login.php
To stop an XML-RPC attack, we recommend that you install the Disable XML-RPC plugin and add the following code to your .htaccess file:
<Files xmlrpc.php>
Order Allow,Deny
Deny from all
</Files>
To stop a wp-login.php attack, we recommend that you install the Limit Login Attempts Reloaded plugin and add the following code to your .htaccess file:
<Files wp-login.php>
order deny,allow
allow from xx.xxx.xx.xxx
deny from all
</Files>
This ensures that only requests from the specified IP address can reach your WordPress login page. Be sure to change xx.xxx.xx.xxx to your own IP address.
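To confirm that both rules are in effect, check the web server access log for POST requests to the two files that were not answered with 403. The script below is an added example, not part of the original article; it assumes the Apache combined log format, and the log lines and IP addresses in it are constructed.

```python
import re
from collections import defaultdict

# Apache combined log format (assumed): client IP, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
TARGETS = ("/xmlrpc.php", "/wp-login.php")  # the two files named in the article

def summarize(lines):
    """Count POSTs to the two files per (ip, file): 403 responses vs. all others."""
    stats = defaultdict(lambda: {"allowed": 0, "blocked": 0})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparsable line, or not a login/XML-RPC submission
        path = m["path"].split("?", 1)[0]  # ignore any query string
        target = next((t for t in TARGETS if path.endswith(t)), None)
        if target is None:
            continue
        outcome = "blocked" if m["status"] == "403" else "allowed"
        stats[(m["ip"], target)][outcome] += 1
    return dict(stats)

def still_reaching_php(stats, threshold=3):
    """(ip, file) pairs with at least `threshold` POSTs that .htaccess did not deny."""
    return sorted(k for k, v in stats.items() if v["allowed"] >= threshold)

# Constructed sample log; 203.0.113.10 stands in for the allowed admin address.
FMT = '{ip} - - [10/Jan/2024:10:00:0{n} +0000] "{req} HTTP/1.1" {st} 1542 "-" "constructed"'
SAMPLE_LOG = (
    [FMT.format(ip="198.51.100.7", n=i, req="POST /wp-login.php", st=200) for i in range(3)]
    + [FMT.format(ip="198.51.100.7", n=i, req="POST /xmlrpc.php", st=403) for i in range(3, 5)]
    + [FMT.format(ip="203.0.113.10", n=5, req="POST /wp-login.php", st=302)]
    + [FMT.format(ip="198.51.100.7", n=6, req="GET /index.php", st=200)]
)

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for (ip, target), counts in sorted(stats.items()):
        print(f"{ip:15} {target:14} allowed={counts['allowed']} blocked={counts['blocked']}")
    for ip, target in still_reaching_php(stats):
        print(f"NOT BLOCKED: {ip} is still reaching {target}")
```

Any address other than your own that appears under "NOT BLOCKED" means the corresponding .htaccess rule is not being applied to that file.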