Brute force attack aims at being the simplest kind of method to gain access to a site (wordpress or not). It combines usernames and passwords, over and over again, until it gets in. That is the main reason why you should always use secure passwords and avoid common usernames (admin, siteadmin, etc…)
The simple way to protect your WordPress site from brute force is to lock the access to wp-login.php file with htaccess.
<Files wp-login.php> Order Deny,Allow Deny from all Allow from x.x.x.x Allow from y.y.y.y </Files>
You can add as much as you want IPs inside the Files block and all other IPs will be blocked with Error 403 (Forbidden error).
Unfortunately this is not the nicest way because IPs you’re accessing from are not always static…
- How to Use SSL and HTTPS with WordPress
- How to Install WordPress Locally for PC/Windows with XAMPP
- How to Properly Uninstall a WordPress Plugin
- How to Fix Category and Comment Count After WordPress Import
- WordPress Speed Optimization with Custom Social Sharing Icons
- How to Verify Your WordPress Site on Pinterest
- How to Display Recent Posts in WordPress
- How to Add Audio Files and Create Playlists in WordPress
- Suppressing Ads for Mobile in WordPress
- Troubleshooting White Screen of Death Errors in WordPress