A very radical, but effective, solution to protect your wp-admin
directory from brute force attacks, as well as any kind of intrusion, is to restrict access to this directory to a single IP address, yours.
Before applying this recipe, you need to make sure that you're using a static IP address. To do so, ask your Internet Service Provider (ISP). This recipe can't be achieved if you're using dynamic IP addresses.
The first thing to do is to find out your IP address. There's many way to obtain it, but the simplest is to go to http://whatsmyip.org/. Once you visit the site, your IP address will appear, as shown in the following screenshot:
Then, create a file named
.htaccess
on your computer and enter the following lines in it. Do not edit the.htaccess
file located at the root of your WordPress install.AuthUserFile /dev/null AuthGroupFile /dev/null AuthName "Example Access Control" AuthType Basic <LIMIT GET>...