On my website, the highest GPU usage is actually on the WordPress login page, not the home page. I have basically come to the conclusion that it is being attacked by a brute force attack, or something similar.
I have installed a plugin that prevents password attacks from bots, but it doesn't prevent the bots from actually visiting the page in the first place.
I want to change the location of the login page to something like wp-login-here.php, or perhaps there is a better solution. The Stealth Plugin seems like it would do the trick, but it is not compatible with recent versions of WordPress. Any ideas?
EDIT: The real solution to this problem was for me to do a clean install of WordPress, this time in a version that was supported by the Stealth plugin. After installing WP and the Stealth plugin on this earlier version of WP, I used the .htaccess file that the plugin created and copied it over (after making a few modifications) to the production site. The reason I accepted the answer I did was because Bad Behavior ended up being a good plugin, and the other advice was useful.
How would I go about adding a password to a single file?
Add this to WP's current .htaccess
:
<FilesMatch "wp-login.php">
AuthName "WordPress Admin"
AuthType Basic
AuthUserFile /path/to/.htpasswd
require valid-user
</FilesMatch>
bad behavior can block out some known malicious IP addresses. it works together with ProjectHoneyPot and keeps bad IPs out of your webpage before it's even fully loaded...
also, there is a way to hide your login page using .htaccess
lock out everyone attempting to login more than a few times as already pointed out by Jimmy
and besides that you should probably enforce the following practises:
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With