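In the .htaccess file in your WordPress root folder, add the following code, replacing example\.com with your domain name, for example mydomain\.com or mydomain\.net.
This rule makes sure login requests are accepted only when they come from your own domain, not from a brute-force $_POST attack sent straight to the login page. The Referer header is supplied by the client, so the rule filters out simple automated POSTs rather than authenticating the request.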
[sourcecode]
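<IfModule mod_rewrite.c>
RewriteEngine on
# Only POST requests are checked
RewriteCond %{REQUEST_METHOD} POST
# ...whose Referer does not point at your domain (http or https)
RewriteCond %{HTTP_REFERER} !^https?://(.*)?example\.com [NC]
# ...and that target wp-login.php or wp-admin
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
# Answer 403 Forbidden
RewriteRule ^(.*)$ - [F]
</IfModule>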
[/sourcecode]
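To check a Referer pattern against sample requests before putting it live, the conditions can be modelled offline. This is an added example, not part of the original post: the function names and the sample requests are constructed, and it compares a Referer pattern that accepts only http:// with one that also accepts https://.

```python
import re

# Patterns from the rule; example\.com is the page's placeholder domain.
LOGIN_URI = re.compile(r"^(.*)?wp-login\.php(.*)$")
ADMIN_URI = re.compile(r"^(.*)?wp-admin$")
HTTP_ONLY = r"^http://(.*)?example\.com"
HTTP_OR_HTTPS = r"^https?://(.*)?example\.com"


def is_forbidden(method, uri, referer="", referer_pattern=HTTP_OR_HTTPS):
    """Return True when the rule would answer 403 Forbidden.

    RewriteCond lines are ANDed, except that [OR] joins a condition to the
    one after it: POST AND NOT referer-match AND (login URI OR admin URI).
    """
    referer_ok = re.search(referer_pattern, referer, re.IGNORECASE)  # [NC]
    protected = LOGIN_URI.search(uri) or ADMIN_URI.search(uri)
    return method == "POST" and referer_ok is None and protected is not None


# Constructed sample requests: (method, REQUEST_URI, Referer header)
SAMPLES = [
    ("POST", "/wp-login.php", ""),
    ("POST", "/wp-login.php", "https://example.com/wp-login.php"),
    ("POST", "/wp-login.php", "http://other.test/"),
    ("GET", "/wp-login.php", ""),
    ("POST", "/wp-admin", ""),
    ("POST", "/wp-admin/admin-ajax.php", ""),
    ("POST", "/wp-comments-post.php", ""),
]


def evaluate(referer_pattern):
    """Map each sample request to the rule's decision (True = 403)."""
    return [is_forbidden(m, u, r, referer_pattern) for m, u, r in SAMPLES]


if __name__ == "__main__":
    for pattern in (HTTP_ONLY, HTTP_OR_HTTPS):
        print(pattern)
        for (m, u, r), denied in zip(SAMPLES, evaluate(pattern)):
            print(f"  {'403' if denied else 'ok':3} {m:4} {u:26} Referer={r or '-'}")
```

With the http-only pattern, a login form served over HTTPS is rejected as well, because its Referer starts with https://. Requests to paths below wp-admin, such as admin-ajax.php, are not covered by the `wp-admin$` condition.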