• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 384
  • Last Modified:

How to Protect WordPress from Attacks with .htaccess plugin?

Some of my wordpress sites have been attacked by brute-force attacks. The hosting company put in an .htaccess file and limited access to the wp-login.php file to only specific IP addresses.

I was previously using a plugin called "limit login attempts", but this plugin still results in server overload during an attack.

Question: Are there plugins available today that will EASILY modify the .htaccess files so that only specified IP addresses will have access to the admin panel? I have several WordPress sites that I either administer directly for my clients, or my clients assume that I will keep them protected while they administer the site, so I want to keep this as easy as possible - both for me and the client.

Thank you.
0
Lev Seltzer
Asked:
Lev Seltzer
  • 2
2 Solutions
 
Jason C. LevineNo oneCommented:
Both WordFence and Better WP Security can do it, but you should test that.  If you subscribe to Sucuri then you also get access to their plugin for WordPress and it will also lock down the admin.

One other thing to consider is moving the targeted sites to a more security-conscious host...
0
 
Lev SeltzerAuthor Commented:
I use secure paid version for a different website, but the free version does not seem to have this option. It may be that there are no programs that directly modify the .htaccess file, which is what I need. Otherwise, the robot will still waste the server's time while the lookup is made to determine that the IP is not accepted.
0
 
Jason C. LevineNo oneCommented:
Again, don't know for sure if a plugin will do this in the exact way you want.  The actual changes are simple enough:

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.121$
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.122$
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123$
RewriteRule ^(.*)$ - [R=403,L]
</IfModule> 

Open in new window

0

Featured Post

[Webinar] Kill tickets & tabs using PowerShell

Are you tired of cycling through the same browser tabs everyday to close the same repetitive tickets? In this webinar JumpCloud will show how you can leverage RESTful APIs to build your own PowerShell modules to kill tickets & tabs using the PowerShell command Invoke-RestMethod.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now