Nowadays, hackers seem more interested in attacking WordPress sites. So here is a fast and easy method to prevent WordPress brute force attacks.
We are going to password protect our WordPress login file. Please follow the below steps to secure WordPress login.
1) Open your Apache main configuration file and add the following.
vi httpd.conf <FilesMatch "wp-login.php"> AuthName "Please Authorize to Continue" AuthType Basic AuthUserFile /root/.htpasswd require valid-user
Note: If you are using any other CMS, please find the login file and add that file in the “FileMatch” section.
2) Set up authentication
Create a password file with the user name “auth-usr”.
htpasswd -c /root/.htpasswd auth-usr
( You can also use this .htpasswd generator tool if you don’t like the command line way: http://www.htaccesstools.com/htpasswd-generator )
3) Restart Apache to update these changes.
/etc/init.d/httpd restart
Done!! Now you need to provide this user name and password to access your login pages. It will work with all your WordPress sites—no need to create separate .htaccess files.
If you don’t have root access to the server or if you are on a shared environment, then you can add these same codes to your .htaccess file ( create one if you don’t have one already ) and create a .htpasswd file using http://www.htaccesstools.com/htpasswd-generator/ and put it under your document root. ( Also make sure to change the AuthUserFile path )
So this is how you secure the WordPress Login page.
