A Few Simple Tricks to Protect Your WordPress Sites


Here are a few very simple tricks to protect your WordPress site(s) in view of the recent massive global brute-force attacks.

Limit the access to the wp-admin directory by IP address:

If you are the only person who needs to log into your admin area and if you have a static IP address, you can deny access to the wp-admin folder to everyone but yourself via an .htaccess file.

Create a file called .htaccess using a plain text editor or simply edit the existing one (if any) and add:
# Block access to wp-admin.
order deny,allow
allow from x.x.x.x
deny from all

Here x.x.x.x is your IP address. To whitelist several addresses, add one allow from x.x.x.x line for each IP.

Limit the access to the wp-login.php file by IP address:

You can also limit the access to your wp-login.php file inside your wp-admin/ area via an .htaccess file.

Create a file called .htaccess or simply edit the existing one (if any) in the /wp-admin folder and add:

<Files wp-login.php>
# Matches wp-login.php only; in a stock install that file is in the WordPress root.
Order deny,allow
Deny from all
Allow from x.x.x.x
</Files>

Here x.x.x.x is your IP address. To whitelist several addresses, add one Allow from x.x.x.x line for each IP.
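
The Order line decides whether allow or deny wins when a client matches both, which is the case for a whitelisted address combined with deny from all. As an added example (not part of the original post), this Python model of the Apache 2.2-style directives shows that the same whitelist admits the listed address under order deny,allow but locks everyone out under order allow,deny. It handles full IP addresses, CIDR ranges and all only; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

def parse_rules(text):
    """Collect Order / Allow from / Deny from directives from config text."""
    order, allow, deny = "deny,allow", [], []  # Apache's default is Order Deny,Allow
    for raw in text.splitlines():
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        keyword = parts[0].lower()
        if keyword == "order":
            order = "".join(parts[1:]).lower()
        elif keyword in ("allow", "deny") and len(parts) > 2 and parts[1].lower() == "from":
            (allow if keyword == "allow" else deny).extend(parts[2:])
    return order, allow, deny

def _matches(specs, client_ip):
    """True if the client is covered by 'all' or by a listed IP/CIDR range."""
    ip = ipaddress.ip_address(client_ip)
    return any(s.lower() == "all" or ip in ipaddress.ip_network(s, strict=False)
               for s in specs)

def access_allowed(config_text, client_ip):
    """Apply the documented Order semantics to one client address."""
    order, allow, deny = parse_rules(config_text)
    allowed, denied = _matches(allow, client_ip), _matches(deny, client_ip)
    if order == "deny,allow":      # Deny first, Allow overrides, default is allow
        return allowed or not denied
    if order == "allow,deny":      # Allow first, Deny overrides, default is deny
        return allowed and not denied
    raise ValueError(f"unsupported Order value: {order!r}")

# Constructed sample input: 203.0.113.10 stands in for the admin's static IP.
DENY_THEN_ALLOW = """
# Block access to wp-admin.
order deny,allow
allow from 203.0.113.10
deny from all
"""
ALLOW_THEN_DENY = DENY_THEN_ALLOW.replace("order deny,allow", "order allow,deny")

if __name__ == "__main__":
    for name, cfg in (("deny,allow", DENY_THEN_ALLOW), ("allow,deny", ALLOW_THEN_DENY)):
        for ip in ("203.0.113.10", "198.51.100.7"):
            print(f"Order {name:<10} client {ip:<13} allowed={access_allowed(cfg, ip)}")
```

On Apache 2.4 these directives are provided by mod_access_compat, so the same ordering rule applies there.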

If you don’t know your IP, you can either type "What is my IP address?" into Google or visit http://whatismyipaddress.com.

Update your robots.txt file:

Add the following lines in your robots.txt file or create a file named robots.txt with the following content:
User-agent: *
Disallow: /wp-admin
Disallow: /wp-login.php
Disallow: /administrator

This will essentially block search engines from indexing these URLs. That matters because brute-force attackers generate their lists of such URLs (intitle: Log In and inurl: wp-login) precisely with the help of the major search engines.

This method is more of a long-term preventive measure, as it will take a few months for the search engines to update this information, but it should make brute-force attempts disappear for good.

Westgate WEBS

