WordPress based sites have been attacked by a large botnet lately. We use an advanced security system to block these kind of attacks. We protect most popular sofware like WordPress from Brute-force attacks. However, if the password used is too weak, successful attacks can still occur. This current attacks have had over 100,000 IP addresses involved doing the attack.

Below is a list of things one can do to protect the WordPress admin

Password with enough strength

  • At least 8 characters
  • Includes large and small letters, numbers and special characters



IP based .htaccess protection:

Create a .htaccess-file to wp-admin folder (/wp-admin/.htaccess) and attach the following:

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName “WordPress protection”
AuthType Basic
order deny,allow
deny from all
# Mat’s allowed IP-address
allow from xx.xx.xx.xxx
# May’s allowed IP-address
allow from xx.xx.xx.xxx

Change xx.xx.xx.xx with your own IP-addresses.

.htaccess password protection:

Create a .wpadmin file in your home folder:


Create the code for the .wpadmin file in the address:


After this create a /home/username/.htaccess file ja attach the following (change username with your own username:

ErrorDocument 401 “Unauthorized Access”
ErrorDocument 403 “Forbidden”
<FilesMatch “wp-login.php”>
AuthName “Authorized Only”
AuthType Basic
AuthUserFile /home/username/.wpadmin
require valid-user

Please contact us for more information or help with this matter.