Wordpress Attack

[jberg]

Hello,

I was wondering if anyone has some advice to help stop Brute Force Attack on a Wordpress site on a TCH shared hosting account? I have installed a couple plugins to help stop the problem but even using the Limited Login plugin, I still have some sites that get continual failed logins from different IP's every fraction of a second.

I have seen other hosting companies sometimes will use a protection CAPTCHA by creating a simple .htaccess authentication login for the wp-login.php file. So when trying to login into Wordpress you get the popup that asks for username/password and generally will indicate what the username/password is right in the text of the popup. For example it will say.. Username: adfw3 Password: result of math 33+5. These are mainly to slow down the bots that try to login in every fraction of a second from different IPs.

 

Would anyone know how to implement this on a TCH shared hosting account? I tried to make it work by adding it to the .htaccess file and referencing a passwd file in the .htpasswds but that didn't work.

 

created a user login in .htpasswds (through Cpanel). Then reference it in the main .htaccess file in public_html/.

<Files wp-login.php>

AuthType basic
AuthName "WordPress attack protection CAPTCHA. Enter username: adfw3 Password: The result of math 33+5"
AuthBasicProvider file
AuthUserFile "/home/accountname/.htpasswds/public_html/wp-admin/passwd"

</Files>

 

But this doesn't make the pop-up appear for login, and just goes right to wp-login.php. Am I doing something wrong or is there a better way?

 

Thanks for any help you can provide.

[wkmccall]

Bulletproof Security plugin work along with another plugin I can't think of at the moment but you can search for brute force on the plugin site and it's at the top (or close to it)