Sick and tired of wp-login.php attacks

  • I had so many attacks on wp-login.php it was cluttering up my WF Live Traffic something awful. Finally got fed up. Figured it would be better to block those in .htaccess so I don’t see them unless I directly examine the server logs.

    So, I’ve got my WordPress login hidden by using the plugin “WPS Hide Login.” I then added a block to my .htaccess file blocked files thus:

    <FilesMatch “^(wp-login\.php|wp-config\.php|xmlrpc\.php|wp-trackback\.php|wp-config-backup\.php)”>
    Order Deny,Allow
    Deny from all
    </FilesMatch>

    I leave this comment here as a questioni to WF support, can you give me any idea if there is a downside to doing this with .htaccess, instead of blocking wp-admin.php in Wordfence using the “Block IPs that access these URLs…” on the WF options page?

    Thanks, MTN

    https://www.ads-software.com/plugins/wordfence/

  • The topic ‘Sick and tired of wp-login.php attacks’ is closed to new replies.