Cutting down on brute force attacks

We all know not to use the “admin” user for anything important, since it is an obvious target for a brute force attack. However, it is easy enough to determine the primary user of a WordPress site by appending “/?author=1” to the end of the site’s base URL.

This functionality can be neutralized via another great code snippet from Jeff Starr found here.
Add to your .htaccess file:

Note: you may change the RewriteRule URL to anything you would like.

Another way to initiate a brute force attack is via the “xmlrpc.php” file. This is a core WordPress file (that will someday be eliminated) which was put in place long ago to facilitate off-site content composition, and it can be used for brute force attacks as well. For further discussion, go here.
Add to your .htaccess file:
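
The following is an added example, not Jeff Starr's snippet or code from the original post: one way to write both .htaccess rules described above. The redirect target `https://example.com/` is a placeholder, and the rules assume Apache with mod_rewrite available.

```apache
# --- Author enumeration ("/?author=1") ---
# Place this ABOVE the "# BEGIN WordPress" block so it runs before
# WordPress's own rewrite rules.
<IfModule mod_rewrite.c>
    RewriteEngine On

    # Leave the dashboard alone: wp-admin uses ?author=N to filter post lists.
    RewriteCond %{REQUEST_URI} !^/wp-admin [NC]

    # Match author=<digits> anywhere in the query string.
    RewriteCond %{QUERY_STRING} (^|&)author=[0-9]+ [NC]

    # Redirect to a fixed URL. The trailing "?" drops the original query
    # string so the author parameter is not carried over.
    # https://example.com/ is a placeholder; use your own URL.
    RewriteRule ^ https://example.com/? [L,R=301]
</IfModule>

# --- xmlrpc.php ---
# Deny all direct requests to the file. Anything that publishes or
# connects to the site over XML-RPC will stop working, so confirm
# nothing you use depends on it first.
<Files "xmlrpc.php">
    # Apache 2.4 and later
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
</Files>
```

After saving, a request for `/?author=1` should return a 301 to the placeholder URL and a request for `/xmlrpc.php` should return 403.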