Prevent brute force attacks to WordPress wp-login page

No need to tell you to use google captcha on all forms, but still people keep trying.
You can always find a plugin to get the job done, but manually you can do this too.


  1. Generate a .htpasswd file using htpasswd generator.
  2. Do not place this file in the same location as your .htaccess file, suggested one folder up
  3. Update .htaccess with folloing code


<Files wp-login.php>
AuthUserFile ~/.htpasswd
AuthName “Private access”
AuthType Basic

You can use the same method to keep away unwanted unauthorized traffic and SEO bots from your staging sites.

Leave a comment

Your email address will not be published. Required fields are marked *