HTTP Basic Authentication as secondary defense for wp-admin - blocks brute force attacks. Also blocks users (bots) with No-Referrer Headers.
This plugin helps prevent annoyance from multiple brute force login attempts to your site. It does this by adding an additional authentication method. Once you enable the plugin and enter a username and password ( please use a different username and password than your WordPress admin account ). Any user or bot that attempts to access wp-admin or your login page will be required to successfully enter the additional authorization details before allowed access to the WordPress login page. You can also set your login page to not allow direct access without a valid referrer header from your site. Please Note: No security plugin will provide 100% protection from hackers. This plugin simply makes it harder for them to gain access using automated techniques. Please remember to ALWAYS KEEP UP TO DATE BACKUPS and use STRONG PASSWORDS!!
PLEASE NOTE: Very Limited support will be offered for this plugin but it will be kept up to date and any bugs can be reported on the github page at https://github.com/c3mdigital/password-protection.