Bruteforce attack

Joined
Mar 27, 2015
Messages
232
Likes
107
Degree
1
Getting hammered with bruteforce attempts on my WP brand site.

Bruteprotect plugin has been suggested by the server IT guy - anyone deal with this issue before or have any recommendations?
 

jakesnke

BuSo Pro
Joined
Jan 5, 2015
Messages
45
Likes
46
Degree
0
Whitelist any IPs you have of VAs, authors, etc. that are out of the US, then have your IT guy block all IPs outside of the US to the /wp-admin and /wp-login page.

Use a plugin (maybe brute protect?) to limit login attempts to 1 or 2 tries per IP, and then lock out the IP for the maximum time available - just make sure you don't lock yourself out.
 
Joined
Mar 27, 2015
Messages
232
Likes
107
Degree
1
Nice one, man, that's a cool idea, so I will go ahead and get it done.
 

Ryuzaki

女性以上のお金
Staff member
BuSo Pro
Digital Strategist
Joined
Sep 3, 2014
Messages
3,416
Likes
6,239
Degree
7
Yeah, just go into your .htaccess and add the following:

Code:
# prevent viewing of a specific file
<files wp-login.php>
order deny,allow
deny from all
allow from YOUR IP ADDRESS
allow from YOUR VA'S IP ADDRESS
</files>
Should dry it right on up. All of those "after 3 attempts ban the IP" plugins are goofy. NOBODY should be on your WP-login but the chosen few.
 
Joined
Mar 27, 2015
Messages
232
Likes
107
Degree
1
Thanks guys! Doing right now, appreciate it.
 

Frequencies

BuSo Pro
Joined
Feb 25, 2015
Messages
29
Likes
9
Degree
0
I use this in the admin folder:

# Limit logins and admin by IP
<Limit GET POST PUT>
order deny,allow
deny from all
allow from my ip
allow from my ip
</Limit>
Would this work well enough?
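
The two snippets above use the Apache 2.2 Order/Deny/Allow directives, which Apache 2.4 only honours through mod_access_compat. The same allow-list in 2.4's native Require syntax, as an added example that is not part of the thread; the IP addresses are placeholders and the split into two .htaccess files is an assumed layout:

```apache
# Added example. Addresses are placeholders from the RFC 5737 documentation
# ranges; replace them with your own and your VA's.
# Require in .htaccess needs "AllowOverride AuthConfig" in the server config.

# --- File 1: site root .htaccess -------------------------------------------
# Only the listed addresses may request the login page.
<Files "wp-login.php">
    # Several Require lines in one section are OR-ed (implicit RequireAny),
    # so matching either address is enough.
    Require ip 203.0.113.10
    Require ip 198.51.100.25
</Files>

# --- File 2: wp-admin/.htaccess --------------------------------------------
# Same allow-list for the whole admin folder.
# No <Limit GET POST PUT> wrapper: rules inside <Limit> cover only the
# methods named there, while rules outside it apply to every HTTP method.
Require ip 203.0.113.10
Require ip 198.51.100.25

# Themes and plugins send front-end AJAX to admin-ajax.php, so visitors
# who are not on the allow-list still need this one file.
<Files "admin-ajax.php">
    Require all granted
</Files>
```

To check it, request /wp-login.php from an address that is not on the list; the server should answer 403 Forbidden.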
 

Frequencies

BuSo Pro
Joined
Feb 25, 2015
Messages
29
Likes
9
Degree
0
Today I received more than 200 messages coming from the contact form.
All those messages were sent in 2 minutes, with code as subject.

What can I do to be 'sure' nothing will be hacked, without using a plugin?