How to: Access wp-admin or wp-login.php under Brute Force Attack?

There have been a great buzz with WordPress core installations about a Brute Force Attack occurred on WordPress Login page. However it’s been a global attack on WordPress installations, which took place in a really organized and great manner and almost more than 90,000 IP addresses involved in this attack.

See what error is? Whenever you call your WordPress login page an error may take place called “WordPress Logins Temporarily Disabled”.

I myself was unable to login on my site ( between 5pm to 12: 30 am GMT +5:00) but I just figure out how to prevent such kinda vulnerabilities for present and for future time.

Read: Top 12 Practices to Secure your WordPress site From Being Hacked

How to prevent wordPress brute force attack

How to Solve Brute Force Attack on WordPress Login Page?

All you have to do is to insert the following line of codes in your .htaccess file located in /public_html/yourdomain/.htaccess, add your IP address on the line 4, click here to find out your current IP address:

<files wp-login.php>
Order Deny,Allow
Deny from all
Allow from

The above line of codes will only give you the access to your WordPress blog’s login page. You can add multiple IP addresses for your blog editors, subscribers, contributors, etc… Now, you must have to act upon the following tips to prevent such kinda attacks for future:

Tips to Prevent Brute Force Attack For Future?

1. Change your Password (Check out how strong is your password, with password strength meter)
2. Install Limit Login Attempts WordPress plugin
3. Password Protect the directory wp-admin
4. My Opinions to Prevent Brute Force Attacks on WordPress Login

That’s all.

Similar Posts


    1. Just login to cPanel and goto to the directory where you WordPress core installation is available. This is where you will be able to access .htaccess file of your blog. BTW thanks for the comment.

Leave a Reply

Your email address will not be published. Required fields are marked *