User of WordPress experience large amount of login tries everyday. This is to prevent such malicious attacks by defining a white list of allowed IP addresses…
The login page is initiated by requesting the
wp-login.php file. In the root directory of WordPress, there exists a
.htaccess file, which can be modified as follows:
# After the following "RewriteEngine" rule, RewriteEngine On # insert the following lines: # Protect wp-login Order Deny,Allow Deny from all Allow from ::1/128 # IPv6 localhost (CIDR mask is mandatory) Allow from 127.0.0.1/32 # IPv4 localhost (CIDR mask is mandatory) Allow from A.B.C.D # Insert as many IPs Allow from aaaa:bbbb:cccc::/64 # or networks as required # Alternatively modify the ErrorDocument ErrorDocument 403 /pathToTheErrorDocument/error.php
If the alternative
ErrorDocument is specified, it can be fine tuned as follows:
Such error document will forward the invalid (IP-sourced) requests to the default WordPress page.