There is a major bout of WordPress hacking doing the rounds, which on servers with many hundreds of WordPress sites can amount to a denial-of-service attack.

Try the following to protect RAM and CPU resources: use .htaccess to password-protect the wp-login.php file from public access. The method below assumes you are using something like cPanel's file manager, but it can also be done locally with the relevant files.

1) Edit the .htaccess file in the WordPress root directory and add the following to the top of the file:

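# BEGIN Admin Protection
# Short plain-text bodies for the 401/403 responses
ErrorDocument 401 "Unauthorized Access"
ErrorDocument 403 "Forbidden"
# Anchored pattern with an escaped dot, so only wp-login.php itself matches
<FilesMatch "^wp-login\.php$">
AuthName "Authorized Only"
AuthType Basic
# Password file kept above the public folder (created in step 2)
AuthUserFile /home/{account}/.wppassword
Require valid-user
</FilesMatch>
# END Admin Protection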

Replace {account} with your account name. Save.

2) Next, go to the top level, above the public folders and files, and create a blank file called .wppassword. Using an external service like http://www.htaccesstools.com/htpasswd-generator/, create a username and a password to be used in this .wppassword file. Copy the returned content, add it to the .wppassword file you just created, and save.

3) Now go to log in to your WordPress site. A popup box should appear asking for your username and password, which will be the same as you selected in (2) above. If it does not appear, check which .htaccess file you edited: it should be at the same level as the wp-login.php file (the same directory). If the username/password is not accepted, check the path to your .wppassword file, e.g. the line AuthUserFile /home/{account}/.wppassword
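
The checks from step 3 can be scripted. The following is an added example, not part of the original post: a small Python checker that reads the .htaccess rules and reports the usual mistakes (placeholder left in the path, password file missing, empty, or placed inside the public folder). The function name and the sample layout under a temporary directory are assumptions made for the illustration.

```python
import os
import re

def check_wp_login_protection(htaccess_text, docroot):
    """Return a list of problems found in the wp-login.php Basic Auth setup."""
    # Locate the <Files>/<FilesMatch> section that names wp-login.php.
    section = re.search(r'<Files(?:Match)?\s[^>]*wp-login[^>]*>(.*?)</Files(?:Match)?>',
                        htaccess_text, re.S | re.I)
    if not section:
        return ["no <Files>/<FilesMatch> section covers wp-login.php"]
    body, problems = section.group(1), []
    if not re.search(r'^\s*AuthType\s+Basic\b', body, re.M | re.I):
        problems.append("AuthType Basic is missing")
    if not re.search(r'^\s*Require\s+valid-user\b', body, re.M | re.I):
        problems.append("Require valid-user is missing")
    m = re.search(r'^\s*AuthUserFile\s+"?([^"\n]+?)"?\s*$', body, re.M | re.I)
    if not m:
        return problems + ["AuthUserFile is missing"]
    path = m.group(1)
    if "{" in path:
        return problems + ["AuthUserFile still contains the {account} placeholder"]
    if not os.path.isabs(path):
        return problems + ["AuthUserFile should be an absolute path"]
    real, root = os.path.realpath(path), os.path.realpath(docroot)
    # The password file must sit above the public folder, as step 2 says.
    if os.path.commonpath([real, root]) == root:
        problems.append("password file is inside the public web root")
    if not os.path.isfile(real):
        return problems + ["password file not found: " + path]
    with open(real) as fh:
        entries = [ln.strip() for ln in fh if ln.strip()]
    # Each entry is user:hash; a blank file lets nobody in.
    if not any(u and h for u, _, h in (e.partition(":") for e in entries)):
        problems.append("password file has no user:hash entries")
    return problems

if __name__ == "__main__":
    import tempfile
    # Constructed account layout: <tmp>/public_html plays the web root.
    home = tempfile.mkdtemp()
    web = os.path.join(home, "public_html")
    os.mkdir(web)
    with open(os.path.join(home, ".wppassword"), "w") as f:
        f.write("admin:$apr1$constructed$notARealHash\n")  # constructed entry
    rules = ('<FilesMatch "wp-login.php">\nAuthType Basic\n'
             'AuthUserFile %s/.wppassword\nrequire valid-user\n</FilesMatch>\n')
    print(check_wp_login_protection(rules % home, web))               # no problems
    print(check_wp_login_protection(rules % "/home/{account}", web))  # placeholder left in
```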

I hope this helps. We have a server with many hundreds of WordPress sites, and due to hacking, server load kept on soaring from 4.0 to well over 100, crashing the web server and also denting search engines' ability to index the websites.

Portflood protection can also provide temporary cover, but false positives tend to keep it from being a long-term solution.