Simple .htaccess rules to protect wp-login.php and xmlrpc.php

The majority of trash WordPress traffic is targeting wp-login.php with bruteforces and xmlrpc.php for pingback/dos attacks. A simple solution? Enforce IP based ACLs via your web server. Apache 2.4 .htaccess Example: 1 2 3 4 5 <Files wp-login.php> Require all denied # your IP below Require ip xxx.xxx.xxx.xxx </Files><Files wp-login.php> Require all denied # your […]

Read More