How to use a .htaccess file to provide a second layer of security for your website

Website hacking is the most common problem faced by website owners, and the most common technique used by hackers is the BRUTE FORCE ATTACK: the attacker tries to get into your WordPress blog by trying every possible combination of username and password. Now we'll discuss how you can protect your site from such attacks.

One of the easiest ways is to use a plugin.

WP-LOGIN LOCK DOWN is a plugin that blocks the IP address of anyone who repeatedly fails to log in to your dashboard. You set the number of wrong attempts allowed from one IP address; once that many attempts have failed, the plugin automatically blocks the IP address, and the length of the block is also yours to set.

Another way is to add server-side protection around your wp-admin directory.

How can this be done?

Well, it's not a difficult task: all you have to do is protect the wp-admin directory with a .htaccess file.

With a .htaccess file you can configure the server to password-protect all the files in the wp-admin folder. Before reaching any WordPress file there, such as the admin area login page, a visitor first has to authenticate against the web server itself using HTTP authentication. So if a malicious user tries to open your WordPress admin login page to launch a brute-force attack, or requests any other file in the wp-admin directory to send a harmful crafted HTTP request, they are greeted by a server-side login prompt and get no direct access to the WordPress files.

To password-protect your WordPress admin area, you first have to create a .htpasswd file. A .htpasswd file contains the list of users and passwords used to access the wp-admin directory. These credentials should be different from those you use to log in to your WordPress admin area. Once the .htpasswd file has been created, create a .htaccess file in the wp-admin folder and populate it with the directives below:

# Path of the .htpasswd file on the server (see the note below)
AuthUserFile /public_html/folder/.htpasswd
AuthType Basic
AuthName "restricted"
# Refuse every host by default...
Order Deny,Allow
Deny from all
# ...unless the visitor supplies a valid .htpasswd login
Require valid-user
# "any": passing either the host check or the login is enough
Satisfy any

Note: the AuthUserFile directive must contain the full path of the .htpasswd file on the server.

You can also use the .htaccess file for more protection. If you want only certain IP addresses, or just one IP address (if you have a fixed IP), to be able to access your blog, add the following line to your .htaccess file:

allow from xxx.xxx.xxx.xxx

And if you keep getting spam, useless comments and so on from a particular address, you can stop it from reaching your site by adding the following line:

deny from xxx.xxx.xxx.xxx

NOTE: here xxx.xxx.xxx.xxx is the IP address you want to allow or block.
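The way Order, Deny from, Allow from, Require valid-user and Satisfy interact is easy to get wrong, so here is a small Python model of that decision, added to this post (it is not part of the original article and not Apache's own code). It reproduces the Apache 2.2 mod_access rules: the directive named last in Order is evaluated last and wins when both match, and with Satisfy any a request needs to pass either the host check or the password check. The addresses are constructed from the RFC 5737 documentation ranges. It shows why the Deny from all line in the block above is essential, what an allow from line does next to it, and how swapping the Order silently breaks the allowlist. On Apache 2.4 these directives are only provided by mod_access_compat; the native equivalents are Require all denied, Require ip and a RequireAny block.

```python
import ipaddress

# Added model of how Apache 2.2-style host access control (Order / Allow from /
# Deny from) combines with HTTP Basic auth (Require valid-user) under Satisfy.
# Illustrative code written for this post, not Apache's own source.

# The directive block given in the post, minus the AuthUserFile path.
WP_ADMIN_HTACCESS = """
AuthType Basic
AuthName "restricted"
Order Deny,Allow
Deny from all
Require valid-user
Satisfy any
"""

# Constructed sample addresses (RFC 5737 documentation ranges), not real hosts.
OFFICE_IP = "203.0.113.5"
SPAMMER_IP = "198.51.100.7"
OTHER_IP = "192.0.2.44"


def parse_htaccess(text):
    """Collect the directives this model understands; everything else is ignored."""
    cfg = {"order": "deny,allow", "allow": [], "deny": [],
           "require_user": False, "satisfy": "all"}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, _, args = line.partition(" ")
        name, args = name.lower(), args.strip()
        if name == "order":
            cfg["order"] = args.replace(" ", "").lower()
        elif name in ("allow", "deny") and args.lower().startswith("from "):
            cfg[name].extend(args[5:].split())
        elif name == "require" and args.lower() == "valid-user":
            cfg["require_user"] = True
        elif name == "satisfy":
            cfg["satisfy"] = args.lower()
    return cfg


def _matches(rule, client_ip):
    """True if an Allow/Deny argument ('all', an address or a CIDR block) covers client_ip."""
    if rule.lower() == "all":
        return True
    try:
        return ipaddress.ip_address(client_ip) in ipaddress.ip_network(rule, strict=False)
    except ValueError:
        return False


def host_allowed(cfg, client_ip):
    """Evaluate Order/Allow/Deny the way mod_access does: the directive named
    last in Order is evaluated last and therefore wins when both match."""
    allowed = any(_matches(r, client_ip) for r in cfg["allow"])
    denied = any(_matches(r, client_ip) for r in cfg["deny"])
    if cfg["order"] == "deny,allow":
        return allowed or not denied      # hosts matching nothing are permitted
    if cfg["order"] == "allow,deny":
        return allowed and not denied     # hosts matching nothing are refused
    raise ValueError("unsupported Order: " + cfg["order"])


def access_granted(text, client_ip, has_valid_password):
    """Final decision for one request. With 'Satisfy any', passing EITHER the
    host check OR the password check is enough; with 'Satisfy all' both must pass."""
    cfg = parse_htaccess(text)
    host_ok = host_allowed(cfg, client_ip)
    user_ok = has_valid_password or not cfg["require_user"]
    if cfg["require_user"] and cfg["satisfy"] == "any":
        return host_ok or user_ok
    return host_ok and user_ok


def scenarios():
    """Walk through the post's configuration and a few common variations."""
    allowlisted = WP_ADMIN_HTACCESS + "Allow from " + OFFICE_IP + "\n"
    wrong_order = allowlisted.replace("Order Deny,Allow", "Order Allow,Deny")
    no_deny_all = WP_ADMIN_HTACCESS.replace("Deny from all\n", "")
    site_root_block = "Order Deny,Allow\nDeny from " + SPAMMER_IP + "\n"
    return {
        # The post's block: nobody gets past the server prompt without a password.
        "page_config_anonymous": access_granted(WP_ADMIN_HTACCESS, OTHER_IP, False),
        "page_config_password": access_granted(WP_ADMIN_HTACCESS, OTHER_IP, True),
        # Adding 'Allow from <office>': that address skips the prompt, others still need it.
        "allowlist_office": access_granted(allowlisted, OFFICE_IP, False),
        "allowlist_other": access_granted(allowlisted, OTHER_IP, False),
        # Swapping the Order silently breaks the allowlist: 'Deny from all' now wins.
        "wrong_order_office": access_granted(wrong_order, OFFICE_IP, False),
        # Dropping 'Deny from all' under 'Satisfy any' means the host check always
        # passes, so the password prompt never appears at all.
        "no_deny_all_anonymous": access_granted(no_deny_all, OTHER_IP, False),
        # A bare 'deny from <ip>' in the site root (no Require): that host is refused.
        "site_root_spammer": access_granted(site_root_block, SPAMMER_IP, False),
        "site_root_other": access_granted(site_root_block, OTHER_IP, False),
    }


if __name__ == "__main__":
    for name, decision in scenarios().items():
        print(f"{name:24s} -> {'ALLOW' if decision else 'DENY'}")
```

Run it directly to print each decision. The .htpasswd file itself is best generated with Apache's own htpasswd tool (htpasswd -B -c /path/.htpasswd username creates the file with a bcrypt hash) rather than written by hand.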


JavaScript, ASP.Net & PHP Web Developer. Connect with me on Facebook and Twitter.

Powered by Paras Babbar · Designed by Paras Babbar