Site gets login attempts after .htaccess IP restriction

I’m using a security plugin that keeps sending me emails:

“A lockdown event has occurred due to too many failed login attempts or invalid username:
Username: Admin
IP Address: 195.154.243.31

IP Range: 195.154.243.*

Log into your site’s WordPress administration panel to see the duration of the lockout or to unlock the user.”

I tried to block access to the wp-admin folder and created an .htaccess file with this code:

order deny,allow
deny from all
allow from <my ip>

Also, in the root .htaccess I added:

<Files ~ "(wp-login.php|wp-signup.php)">
      Order Deny,Allow
      Deny from all
      Allow from <my ip>
</Files>

How does the attacker/bot try to log in?

2 Answers
2

@birgire has the right answer.

And they can use WPScan, for example, with a brute-force attack on wp-login.php.

I recommend renaming your login page; you can do it manually or with a plugin.
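
One way to answer the question from the server side, as an added example that is not part of the original question or answers: group the POST requests from the locked-out IP by path and status in the Apache access log, where a 403 means a deny rule matched and any other status means the request reached WordPress. The log lines are constructed, `/xmlrpc.php` (WordPress's XML-RPC endpoint, which also accepts credentials) is an assumed illustration, and the function names are hypothetical.

```python
import re
from collections import Counter

# Apache "combined" log format: ip ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (not from the original page); the first IP is the
# one quoted in the lockdown e-mail, the paths and statuses are assumptions.
SAMPLE_LOG = """\
195.154.243.31 - - [10/Mar/2015:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 403 512 "-" "bot"
195.154.243.31 - - [10/Mar/2015:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "bot"
195.154.243.31 - - [10/Mar/2015:10:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 674 "-" "bot"
195.154.243.31 - - [10/Mar/2015:10:00:04 +0000] "GET /wp-admin/ HTTP/1.1" 403 498 "-" "bot"
203.0.113.7 - - [10/Mar/2015:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
"""


def posts_by_path(log_text, ip):
    """Count POST requests from `ip`, keyed by (path without query string, status)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["ip"] != ip or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0]
        counts[(path, int(m["status"]))] += 1
    return counts


def unblocked_paths(counts):
    """Paths whose POSTs were not answered with 403, i.e. no deny rule applied."""
    return sorted({path for (path, status) in counts if status != 403})


if __name__ == "__main__":
    counts = posts_by_path(SAMPLE_LOG, "195.154.243.31")
    for (path, status), n in sorted(counts.items()):
        print(f"{n:4d}  {status}  {path}")
    print("not covered by the deny rules:", unblocked_paths(counts))
```

Run it against the real access log by passing the file's contents instead of `SAMPLE_LOG`; any path it reports needs its own deny rule or has to be disabled.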
