Avoid Brute Force Admin Login With Htaccess

Avoid Brute Force Admin Login With Htaccess

TRENDZ, WEB, WORDPRESS

Avoid Brute Force Admin Login With Htaccess




In this tutorial we are gonna learn how to Avoid Brute Force Admin Login With Htaccess because of to avoid the brute force attacks from the anonymous Users and Hackers. We should admit the wordpress is powerful and more secure Content Management System.
We should know all the familiar ways to secure our websites in whatever the possible methods. We can use the third party plugins like iTheme Security and etc.

WordPress 4.7 has been released! Check the more information about Features and Updates at here.

Limit WordPress admin login attempts – Avoid Brute Force Admin Login With Htaccess
In this lesson we are gonna show how to edit our .htaccess file and make a redirect to another login page like wp-login.php.
Step 1: Login into your cPanel.
Avoid Brute Force Admin Login With Htaccess
After logged in you have been landed in the Dashboard page. And there we will see an File Manager icon to enter into the folders section.
In a normal view we doesn’t see an .htaccess file, because it hidden. So now we have to show the file, to do that enter into the public_html folder.
Step 2: Find and click the Settings button at the top right corner.
Avoid Brute Force Admin Login With Htaccess
Step 3: Select the Document Root for your domain and be sure the checkbox next to Show Hidden Files is checked. Click the Save button.




Avoid Brute Force Admin Login With Htaccess
After the above step we enable .htaccess file and now we can edit the file to make our needed changes.
Step 4: Look for the .htaccess file and right click on it. This brings up a menu. Find and click on the Edit option.
Avoid Brute Force Admin Login With Htaccess
Step 5: The system opens up an dialog box pop-up and just click the Edit button.
Step 7: There are a few ways to restrict access to your WordPress admin section using this .htaccess file.
Here we have some methods to achieve the same process or the functionalities. Here we didn’t do all the methods but in future we may learn them. The various methods are shown below,
Secondary WordPress admin .htaccess password
A single IP address
Multiple IP addresses
Trusted referrers




In this Avoid Brute Force Admin Login With Htaccess, each method is different for different scenario’s like single or dedicated IP address or the dynamic IP address and etc.
Single IP Address
You can check Your IP address at Here!!
If we use an single IP Address like a dedicated IP address from your Hosting Providers. Follow this method to give an access for only the single IP address to attempt the login page. Other IP’s are not allowed and it Shows the Bad Gateway error.
To allow access from a single IP address, replace 192\.168\.1\.123 with your own IP address:

Multiple IP Address – Avoid Brute Force Admin Login With Htaccess
To allow access from multiple IP addresses, replace 192\.168\.1\.xxx with your own IP addresses:

Dynamic IP address access, limit by referer – Avoid Brute Force Admin Login With Htaccess
At most we get the Brute Force attacks from sending the direct POST requests to our wp-login.php>.
Most of us having the shared hosting services, so the ip address is dynamically changed for each time we’ve login. The single IP address trick is not works in this case, and we’ve to do it in another way. Here we’ve to set protect our WordPress site by only allowing login requests coming directly from our domain name. By replace example\.com with our own domain name.

Step 8: Wait and try to login after 10-15 Minutes for check the blocker is working or not. It atleast needs 10-15 minutes to make the changes in .htaccess file and then proceed to block or allow.
If we did a login attempt before 10-15 minutes it increases the time again the blocker.
We hope this will helps you a lot about to protect your site form the brute force attacks. And we will learn a lot more in the upcoming lessons.

Leave a Reply