Use .htaccess to block access to wp-login.php

This is useful in helping stop brute force attacks against WordPress login pages. The .htaccess code below makes it so nobody can access wp-login.php except from your IP:

<Files wp-login.php>
Order Deny,Allow
Deny from All
Allow from x.x.x.x

Place it in the .htaccess file of your WordPress install directory and change x.x.x.x to your IP number.

You can find out your IP number here.

OLI shared hosting clients do not need to do this as we we already blocked access to this page server-wide and whitelisted customer IPs.

The next step to secure your WordPress is to change the login URL.

Share Button