Cutting down on brute force attacks

We all know not to use the “admin” user for anything important, since it is an obvious target for a brute force attack. However, it is easy enough to determine the primary user of a WordPress site by appending “/?author=1” to the site’s base URL: WordPress redirects to that user’s author archive, which exposes the login name.

This functionality can be neutralized via another great code snippet from Jeff Starr, found here.
Add to your .htaccess file (the WordPress default .htaccess already contains `RewriteEngine On`, which these directives require):

    # Redirect author-enumeration probes (?author=N) away from the site.
    # The condition is anchored to the start of the query string, so it
    # only fires when "author=" is the first parameter.
    RewriteCond %{QUERY_STRING} ^author=([0-9]*)
    # The trailing "?" on the target drops the original query string.
    RewriteRule .* https://www.youtube.com/watch?v=slQAHnEAlQg? [L,R=302]

Note: you may change the RewriteRule URL to anything you would like. Be aware that the rule matches any path, so a logged-in admin filtering the post list by author (wp-admin/edit.php?author=N) is redirected as well; limiting the rule to the site root with a REQUEST_URI condition avoids that.

Another way to initiate a brute force attack is via the “xmlrpc.php” file. This is a core WordPress file (that will someday be eliminated) which was put in place long ago to facilitate off-site content composition; because it accepts login credentials, it can be used for brute force attacks as well. For a further discussion go here.
Add to your .htaccess file:

    # Block WordPress xmlrpc.php requests
    # The <Files> container limits the deny to this one file; without it,
    # "deny from all" would block the entire site.
    <Files xmlrpc.php>
    # Apache 2.2 syntax; on Apache 2.4 this needs mod_access_compat,
    # or the equivalent "Require all denied" directive.
    order deny,allow
    deny from all
    </Files>
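Both of the probes described above (author-id scans and POST floods against xmlrpc.php) leave a clear signature in the Apache access log, and checking the log is also the simplest way to confirm the .htaccess rules are working (probes should start returning 302 or 403 instead of 200). The following script is an added example, not part of the original post or of Jeff Starr's snippets; it parses a few constructed lines in Apache "combined" log format, flags an IP that walks several author ids or posts repeatedly to xmlrpc.php, and counts how many of those probes were already blocked. The thresholds and sample addresses are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:01 +0000] "GET /?author=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:02 +0000] "GET /?author=2 HTTP/1.1" 200 5099 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:03 +0000] "GET /?author=3 HTTP/1.1" 404 1200 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2023:13:56:10 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "python-requests/2.31"
198.51.100.9 - - [10/Oct/2023:13:56:11 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "python-requests/2.31"
198.51.100.9 - - [10/Oct/2023:13:56:12 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "python-requests/2.31"
198.51.100.9 - - [10/Oct/2023:13:56:13 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "python-requests/2.31"
192.0.2.44 - - [10/Oct/2023:13:57:00 +0000] "GET /about/ HTTP/1.1" 200 8800 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Oct/2023:13:57:05 +0000] "GET /?author=1 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Minimal parser for the combined log format: client IP, timestamp,
# request method, request target and response status are all we need.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

AUTHOR_SCAN_THRESHOLD = 3   # distinct author ids requested by one IP (assumed)
XMLRPC_POST_THRESHOLD = 3   # POSTs to xmlrpc.php from one IP (assumed)


def parse_line(line):
    """Return a dict with ip, ts, method, target, status, or None if unparseable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def analyze(log_text):
    """Scan log text; return (findings, blocked).

    findings: list of (kind, ip, count) for IPs over a threshold.
    blocked:  ip -> number of probes that already got a 302/403 answer,
              i.e. evidence the .htaccess rules are in effect.
    """
    author_ids = defaultdict(set)
    xmlrpc_posts = defaultdict(int)
    blocked = defaultdict(int)

    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        parts = urlsplit(rec["target"])
        query = parse_qs(parts.query)

        # Author enumeration: any request carrying a numeric author= parameter.
        if "author" in query:
            for value in query["author"]:
                if value.isdigit():
                    author_ids[rec["ip"]].add(int(value))
            if rec["status"] in (302, 403):
                blocked[rec["ip"]] += 1

        # XML-RPC abuse: repeated POSTs to xmlrpc.php from the same client.
        if parts.path.endswith("/xmlrpc.php") and rec["method"] == "POST":
            xmlrpc_posts[rec["ip"]] += 1
            if rec["status"] == 403:
                blocked[rec["ip"]] += 1

    findings = []
    for ip, ids in author_ids.items():
        if len(ids) >= AUTHOR_SCAN_THRESHOLD:
            findings.append(("author_enumeration", ip, len(ids)))
    for ip, count in xmlrpc_posts.items():
        if count >= XMLRPC_POST_THRESHOLD:
            findings.append(("xmlrpc_post_burst", ip, count))
    return findings, dict(blocked)


if __name__ == "__main__":
    found, already_blocked = analyze(SAMPLE_LOG)
    for kind, ip, count in found:
        print(f"{kind}: {ip} ({count})")
    print("probes already blocked per IP:", already_blocked)
```

Run against a real log with `analyze(open("/var/log/apache2/access.log").read())`; once the rewrite and `<Files>` rules are in place, the `blocked` counts for scanning IPs should rise while their 200 responses disappear. The 404 on `?author=3` in the sample is what WordPress returns for a non-existent author, which is why the scan is counted by distinct ids requested rather than by successful hits.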