You may have heard that these days hackers are attacking WordPress blogs with distributed attacks means they are using botnets. Botnets are those computers which are being controlled by bad people of cyber world I am talking about black hat hackers. So hackers are using botnets to attack WordPress login directory wp-login.php and they are using brute-force attack. Brute-force is a very famous hacking technique to find out passwords we just have to know the username then we can find out the password by very commonly used passwords so if you are a WordPress user and you own a WP blog then you need to survive from this deadly attack because you don’t want to use your blog’s admin panel without your permission so WordPress blogs are under attack and I am going to share that how you can limit access to wp-login using .htaccess file so let’s get started.
First I want you to read this post and do as I wrote in that post and then you are ready to do one more thing which is most important to survive this attack so please follow all the steps which I am going to share below and make sure you do as I said so that you don’t get any problem with your WordPress blog.
1. First of All Change Default Username
The very first thing I want you to do is to please change default username of your WordPress blog as the founder of WordPress also recommended that those who are using the default admin username for their blogs they should change it now and also make your password strong by adding special characters, capital letters, small letters and numbers so first you have to do this.
2. Limit Access to wp-login.php Using .htaccess
The next thing you should do is to limit access to the main login file of your blogs which is wp-login.php so we can limit access using .htaccess file right now I have limited the access so no one can access the login file except the IP address which I am using right now e.g. we can set only 1 IP address which can access login file or we can also set series of IP addresses which can access wp-login file so in the video below I am going to show you that how you can limit access to wp-login.php using .htaccess