Prevent brute force attacks to WordPress wp-login page

No need to tell you to use google captcha on all forms, but still people keep trying.
You can always find a plugin to get the job done, but manually you can do this too.

 

  1. Generate a .htpasswd file using htpasswd generator.
  2. Do not place this file in the same location as your .htaccess file, suggested one folder up
  3. Update .htaccess with folloing code

 

<Files wp-login.php>
AuthUserFile ~/.htpasswd
AuthName “Private access”
AuthType Basic
</Files>

You can use the same method to keep away unwanted unauthorized traffic and SEO bots from your staging sites.