Protect wp-login from brute-force attacks that lack a referrer
This short rewrite block belongs in the .htaccess of every WordPress site. It rejects POST requests to wp-login.php (and to /wp-admin) whose Referer header is missing or points at another host. That is exactly what most automated brute-force tools send: they submit credentials straight to wp-login.php without ever loading the login form, so no Referer is set.
Two caveats before you rely on it. The Referer header is supplied by the client, so a bot that sets it to your own domain passes straight through; and visitors whose browser or privacy extension strips the Referer will get a 403 when they try to log in. Treat it as a cheap filter for noisy bots, not as a replacement for rate limiting and strong passwords.
Replace the “example.com” portion with your own domain. If you leave it as is, no legitimate Referer will ever match and every login POST on your site, your own included, will be refused.
<IfModule mod_rewrite.c>
RewriteEngine on
# Only login POSTs are affected; a GET of the login form still works.
RewriteCond %{REQUEST_METHOD} =POST
# Let the request through when the Referer is this site, over http or https,
# with or without a subdomain. The dot in example.com is escaped and the host
# must end right after it, so neither http://evil.test/x.example.com nor
# https://example.com.evil.test/ slips past the check.
RewriteCond %{HTTP_REFERER} !^https?://([^/]+\.)?example\.com(/|$) [NC]
# Apply to wp-login.php and to /wp-admin itself (with or without the trailing
# slash). The [OR] joins only these two lines; the conditions above are ANDed.
RewriteCond %{REQUEST_URI} ^/wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^/wp-admin/?$
# [F] answers 403 Forbidden and stops further rewriting.
RewriteRule ^ - [F,L]
</IfModule>
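To see how Apache combines those conditions, and why the Referer check is only a nuisance filter, here is a small Python model of the rule evaluated over a handful of constructed requests. It is an added example, not part of the original post and not Apache code. ORIGINAL_REFERER is the Referer pattern as this snippet first circulated (http only, unescaped dot); HARDENED_REFERER is the corrected form. example.com is the assumed site name, and the sample request list is made up.

```python
import re
from typing import Optional

SITE = "example.com"  # assumed site name, as in the .htaccess snippet

# Referer pattern as the snippet originally wrote it: http only, unescaped dot.
ORIGINAL_REFERER = re.compile(r"^http://(.*)?.example.com", re.I)
# Hardened pattern: either scheme, optional subdomain, escaped dot, host ends there.
HARDENED_REFERER = re.compile(r"^https?://([^/]+\.)?" + re.escape(SITE) + r"(/|$)", re.I)

LOGIN_PATH = re.compile(r"^/wp-login\.php(.*)$")
# The original used ^/wp-admin$, which misses the trailing-slash form.
ADMIN_PATH = re.compile(r"^/wp-admin/?$")


def blocked(method: str, uri: str, referer: Optional[str],
            referer_ok: re.Pattern = HARDENED_REFERER) -> bool:
    """True when the rewrite rule would answer 403 for this request.

    Apache ANDs RewriteCond lines unless a line carries [OR], so the rule is
    POST AND referer-does-not-match AND (login path OR admin path).
    An absent Referer header expands to "", which can never match ^http...,
    so a request with no Referer counts as a mismatch and is blocked.
    """
    if method != "POST":
        return False
    if referer_ok.match(referer or ""):
        return False
    return bool(LOGIN_PATH.match(uri) or ADMIN_PATH.match(uri))


# Constructed sample traffic (label, method, URI, Referer); not captured from a real server.
SAMPLE_REQUESTS = [
    ("bot, no Referer",             "POST", "/wp-login.php", None),
    ("browser login over https",    "POST", "/wp-login.php", "https://example.com/wp-login.php"),
    ("login from a subdomain",      "POST", "/wp-login.php", "https://www.example.com/wp-login.php"),
    ("path trick",                  "POST", "/wp-login.php", "http://evil.test/x.example.com"),
    ("host suffix trick",           "POST", "/wp-login.php", "https://example.com.evil.test/"),
    ("forged Referer",              "POST", "/wp-login.php", "http://example.com/wp-login.php"),
    ("GET of the login form",       "GET",  "/wp-login.php", None),
    ("xmlrpc POST, no Referer",     "POST", "/xmlrpc.php", None),
    ("admin-ajax POST, no Referer", "POST", "/wp-admin/admin-ajax.php", None),
]


def audit(referer_ok: re.Pattern = HARDENED_REFERER) -> dict:
    """Map each sample label to whether the rule blocks it under the given Referer pattern."""
    return {label: blocked(m, uri, ref, referer_ok) for label, m, uri, ref in SAMPLE_REQUESTS}


if __name__ == "__main__":
    for name, pattern in (("original", ORIGINAL_REFERER), ("hardened", HARDENED_REFERER)):
        print(f"--- {name} Referer pattern ---")
        for label, is_blocked in audit(pattern).items():
            print(f"{'BLOCK' if is_blocked else 'allow':5}  {label}")
```

Running it shows three things worth knowing before deploying the rule: the original pattern refuses every login on an HTTPS site and is fooled by any URL whose path contains ".example.com"; the hardened pattern fixes both; and under either pattern a request that simply claims your own domain as its Referer is allowed, which is why the rule stops only tools that do not bother to set the header. Requests to xmlrpc.php and admin-ajax.php are untouched by the rule as written.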
Further reading:
http://codex.wordpress.org/Brute_Force_Attacks#Deny_Access_to_No_Referrer_Requests