Hello.
The modified .htaccess seems work correctly on my tests. Can you post your website address here? I would like to test to know is that rewrite rule working or not.
Also, you might want to put a list of bad IPs in your Banned Users section.
My website was under attacked by login attempts many times everyday. So I installed a plugin to view the visitors’ IPs. After some months of careful analyzing the data, now I have a list of the bad IPs.
By putting the list into the Banned Users, my website now never visited by brute force login attackers. You can get the list on this thread:
http://wordpress.org/support/topic/how-to-ban-admin-logins
Hi,
My web site is http://www.nonsolopiccante.it
I’m using also a huge ip address blacklist since attacker’s ip addresses change everyday, but it doesn’t solve my problem.
thank you for your help!
Tom
I tested your website by using this url:
http://www.nonsolopiccante.it/wp-login.php?loggedout=true
I received a 404 error (page not found), it means the trick works. If you still get bad login attempts, I may suggest you:
Goto the Hide Backend section, change the Login Slug. Don’t use “login” nor “user”, that too common. But use something hard to guess like “mysecretlogin”.
Some hackers may already know your secretkey, so it is good to enable the Generate new secret key to let the plugin randomly change the key for you.
But remember if you click the save changes, the plugin will revert back to its default value so you need to modify the .htaccess again.
You may consider to use Bad Behavior plugin, it will stop many bad bots that accessing your website including the autologin who try to brute force login to your website.
http://wordpress.org/extend/plugins/bad-behavior/
