WordPress.org

Ready to get started?Download WordPress

Forums

Block Hackers Without Using .htaccess (1 post)

  1. TIves
    Member
    Posted 1 year ago #

    Hello all,

    Looking for a little help please. I do not have access to the .htaccess file as it is a shared file across all blogs (don't ask me!!).

    About one to two times a week we get brute-force attempts against wp-login.php. When this file is accessed a call is mase to the dB, and at 100s of requests per minute it crashes the site.

    I have placed a php redirect in the wp-login file so that I can send these attempts somewhere else. However, I am finding that the dB is still being spun-up. Here's the code I used:

    if ($_SERVER["REMOTE_ADDR"] = "205.204.81.148"){
    header('location:http://www.blahblah.com');
    }

    Is there anyway to intercept the call prior to it hitting this file (without using .htaccess)?

    What if I change the name of wp-login to something else, and then in wp-login simply vet the IP address and if all is good do a redirect to the new file name?

    Any thoughts you may have would be greatly appreciated.

    Thanks!

    Trip

Topic Closed

This topic has been closed to new replies.

About this Topic