There have been a great buzz with WordPress core installations about a Brute Force Attack occurred on WordPress Login page. However it’s been a global attack on WordPress installations, which took place in a really organized and great manner and almost more than 90,000 IP addresses involved in this attack.
See what error is? Whenever you call your WordPress login page an error may take place called “WordPress Logins Temporarily Disabled”.
I myself was unable to login on my site (softstribe.com between 5pm to 12: 30 am GMT +5:00) but I just figure out how to prevent such kinda vulnerabilities for present and for future time.
How to Solve Brute Force Attack on WordPress Login Page?
All you have to do is to insert the following line of codes in your .htaccess file located in /public_html/yourdomain/.htaccess, add your IP address on the line 4, click here to find out your current IP address:
<files wp-login.php> Order Deny,Allow Deny from all Allow from xxx.xxx.xxx.xxx </files>
The above line of codes will only give you the access to your WordPress blog’s login page. You can add multiple IP addresses for your blog editors, subscribers, contributors, etc… Now, you must have to act upon the following tips to prevent such kinda attacks for future:
Tips to Prevent Brute Force Attack For Future?
1. Change your Password (Check out how strong is your password, with password strength meter)
2. Install Limit Login Attempts WordPress plugin
3. Password Protect the directory wp-admin
4. My Opinions to Prevent Brute Force Attacks on WordPress Login