This article was written by Eric Sizemore , web developer, programmer and domain owner.
In light of recent events, anyone using WordPress is apparently susceptible to what is called “Distributed WordPress admin account cracking”. You can check out this article for more information. This post aims to add an extra layer of security to both the wp-admin folder and the wp-login.php file.
Step 1 – Determine who will have access
First, this extra layer of security involves blocking all but a few IPs. If your IP is dynamic, this may not be the best option for you. If you have a lot of users that you allow access to your blog, this could be time-consuming. If you are the only author on the blog, and you don’t allow registrations anyway – this will be fairly simple.
Step 2 – Creating .htaccess
First, let's get your IP address. Go to IPChicken and note down your IP address. Next, download the .htaccess files that were created for this post.
Once you extract the archive, you should see a .htaccess file and a wp-admin folder with a .htaccess file inside. Open the main .htaccess file and you should see:
<Files wp-login.php>
Order Deny,Allow
Deny from all
Allow from xx.xx.xx.xx
</Files>
Edit the “Allow from” line to reflect your IP address. To add more IP addresses, add a new line with “Allow from” and the next IP address, and so on. You most likely already have a .htaccess file in your WordPress root folder. If so, edit that file, paste in the contents of your edited .htaccess file from the zip, and save and re-upload it.
Now open the .htaccess file inside the wp-admin folder of the zip. You should see something like:
Order Deny,Allow
Deny from all
Allow from xx.xx.xx.xx
Do the same as above, adding any extra IPs you want to allow into the wp-admin area. Most likely you don't have a .htaccess file in your wp-admin folder, so just upload the edited .htaccess file from the zip to your wp-admin folder.
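The Order/Deny/Allow syntax above is the Apache 2.2 form; on Apache 2.4 it only works while mod_access_compat is loaded. The following is an added example, not part of the original post or its zip, showing the same two files written with the Apache 2.4 Require directive. The addresses 198.51.100.7 and 203.0.113.0/24 are placeholders from the documentation ranges; substitute your own IP or network. The admin-ajax.php exemption is an assumption about your site: WordPress plugins and themes often call that file from public pages, so blocking all of wp-admin can break front-end features for visitors.

```apache
# Added example (not from the original post): Apache 2.4 syntax for the same restriction.
# 198.51.100.7 and 203.0.113.0/24 are constructed placeholders; replace them with your own.

# --- root .htaccess: restrict wp-login.php to the listed addresses ---
<Files "wp-login.php">
    <RequireAny>
        Require ip 198.51.100.7
        Require ip 203.0.113.0/24
    </RequireAny>
</Files>

# --- wp-admin/.htaccess: restrict the whole admin folder ---
<RequireAny>
    Require ip 198.51.100.7
    Require ip 203.0.113.0/24
</RequireAny>

# admin-ajax.php lives in wp-admin but is used by the public site; re-open it
# so visitors are not served 403s by plugins that rely on it (assumption: your
# site has such plugins; drop this section if it does not).
<Files "admin-ajax.php">
    Require all granted
</Files>
```

To check the rules, request /wp-login.php and /wp-admin/ from an allowed address (expect 200 or a redirect to the login page) and from an address that is not listed (expect 403). If the site sits behind a CDN or reverse proxy, Apache sees the proxy's address rather than the visitor's, and these rules will either block everyone or no one until the real client IP is restored with mod_remoteip.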