Not long ago, we showed you how and why you need to limit WordPress login attempts. Shortly after publishing that article, we began to see an influx of attacks on our site. We had 39 blocks from various IP addresses in a matter of a few hours. I'm not sure if people just wanted to try this plugin, which is why they started making unsuccessful attempts on our site, or if they were real hackers. As a security measure, we decided to limit IP access to our wp-login.php file in WordPress. We already have our WP Admin directory in limited access by IP. In this article, we will show you how to limit IP access to your wp-login.php file in WordPress.
Note:This tutorial is not for total beginners.
Open your main .htaccess file and put this code at the top of the file before anything else.
ordenar denegar, permitir Denegar de todas las # la lista blanca de West Palm Beach La dirección IP permite desde xx.xxx.xx.xx #whitelist La dirección IP de Gainesvile permite desde xx.xxx.xx.xx
Don't forget to replace the IP addresses with your own. The only real drawback to this is that if you have dynamic IPs, it can be a problem. Otherwise this works like a charm. Also, the wp-login.php style is broken, but that's not a priority at the moment. We just wanted to prevent failed login attempts.
For added admin security, check out our article on 13 Vital Tips and Tricks to Protect Your WordPress Admin Area.
