{"id":816,"date":"2013-04-12T11:52:06","date_gmt":"2013-04-12T10:52:06","guid":{"rendered":"http:\/\/blogs.silicontechnix.com\/?p=816"},"modified":"2013-04-16T09:18:54","modified_gmt":"2013-04-16T08:18:54","slug":"prevent-wordpress-loginbrute-force-attack","status":"publish","type":"post","link":"https:\/\/blogs.silicontechnix.com\/?p=816","title":{"rendered":"Prevent WordPress Login\/Brute Force Attack"},"content":{"rendered":"

 <\/p>\n

There is a worldwide, highly-distributed WordPress attack that is ongoing on most of the WordPress powered blogs.<\/p>\n

The following steps can be used to secure (by password protection) wp-login.php<\/code> for all WordPress sites in your cPanel account:
\nHow to Password Protect the wp-login.php File
\nThere are two (2) steps in accomplishing this. First you need to define a password in the .wpadmin<\/code> file, and then you activate the security in the .htaccess<\/code> file.<\/p>\n

Step 1: Create the Password File<\/strong>
\nCreate a file named .wpadmin<\/code> and place it in your home directory, where visitors can’t access it. (Please note there is a period preceding the wpadmin in that file name.) The following example is for cPanel. Plesk would require placing the file in \/var\/www\/vhosts<\/code> or \/var\/www\/vhosts\/domain<\/code>.<\/p>\n

EXAMPLE: \/home\/username\/.wpadmin<\/code> (where “username” is the cPanel username for the account.)<\/p>\n

Put the username and encrypted password inside the .wpadmin<\/code> file, using the format username:encryptedpassword<\/code><\/p>\n

EXAMPLE: silicon:n5MfEoHOIQkKg<\/code> (where “silicon” is a username of your choice, and the password shown is encrypted.)<\/p>\n

Option A: Generate Password File & Uploading Via File Manager<\/strong>
\nOne way to do this is to generate the file using the website linked below, and then upload it to your site via FTP or File Manager. In the directions below, we will use File Manager, but you could use FTP instead, for those of you familiar with FTP.<\/p>\n

    \n
  1. Visit: http:\/\/www.htaccesstools.com\/htpasswd-generator\/<\/a><\/li>\n
  2. Use the form to create the username and password.<\/li>\n
  3. Login to cPanel in another window.<\/li>\n
  4. Click on File Manager<\/li>\n
  5. Select “Home Directory”<\/li>\n
  6. Check “Show Hidden Files (dotfiles)” if not already checked.<\/li>\n
  7. Click on the “Go” button.<\/li>\n
  8. Look for a .wpadmin<\/code> file.\n