As long as a plugin is blocking excess login attempts, then I am not sure that additional protection is needed. The plugin should be protecting against the attempts at credential guessing.
There will always be login attempts on sites, even if they aren’t WP sites. You could look at your access logs (filtering by a 40x result code) and see tons of attempts to access things that aren’t available on your site. Part of the way things are.
As long as you are blocking excess logins, and have strong passwords for your accounts, I don’t see the advantage of an additional layer of security (via htaccess passwords).
Those login attempts will always be happening. Your defense against them is the plugin that limits login attempts, and strong passwords.
Related Posts:
- Attach to wp-login.php and xmlrpc.php
- Basic Auth .htaccess on wp-login, but allow logout from woocommerce
- Improve wordpress security by hiding non public resources
- Does this .htaccess security setting really work?
- Change Login URL Without Plugin
- File and directory permissions
- adding rewrite rules in .htaccess
- Using “wordpress_logged_in” to restrict direct access to uploads folder in 2021
- WordPress URL/Folder ReWrite using Htaccess
- Which WordPress scripts need to be executable for a fresh installation?
- XMLRPC filtering through htaccess not working
- Restricting user login by IP address
- WordPress: Adding Security
- How do I test to ensure that my wp-config file is protected?
- WordPress not seeing .htaccess rules
- Rules in .htaccess only if the requested URL is /wp-admin
- Disable directory browsing of uploads folder
- Strange behaviour of is_user_logged_in() and get_current_user_id()
- Selectively Disabling PHP via .htaccess in Root Directory
- Should I prevent access to .htaccess and wp-config.php files?
- Blocking wp-login in HTACCESS has also blocked password protected pages
- Using htaccess to prevent spam through wp-comments-post.php
- How can I create a private site that is inaccessible from the outside?
- Restrict Content for only Contributors via .htaccess
- Allowing access to certain WordPress created pages or posts with htaccess / htpasswd
- Security headers disappear on WordPress pages
- Why is this line of code Wrong in every WordPress .Htaccess security article?
- How to redirect all HTTP requests to HTTPS
- Best collection of code for your .htaccess file [closed]
- Default .htaccess file for WordPress?
- Which one does WordPress prioritize when it comes to php.ini, wp-config and .htaccess?
- Security and .htaccess
- WordPress site hacked. Has .htaccess been hacked?
- htaccess problem after saving Settings
- Protecting direct access to PDF and ZIP unless user logged in (without plugin)
- Stop WordPress and Plugins from Overwriting .htaccess
- How to fake a WordPress login?
- htaccess disable WordPress rewrite rules for folder and its contents
- htaccess rewrite conflict with wordpress rules and ssl
- htaccess https redirect from www to non-www
- What does a security risk in a plugin look like?
- Htaccess for Wordpess set on single subdomain
- Securing wp-admin folder – Purpose? Importance?
- .htaccess and 500 error, extra character added
- Name-based virtual host configuration in Apache seems to cause a “500 Internal Server Error”
- Place static HTML files in path below WordPress page
- Static raw HTML page
- WordPress + Magento .htaccess ReWriteRule Issue (www vs. non-www)
- Plugin to edit htaccess file
- htaccess rewrite for author query string when WP is in subfolder
- Why “Settings->Permalinks” creates .htaccess file on nginx server?
- .htaccess for wordpress inside another wordpress install
- .htaccess file redirecting to parent directory
- Blog.php or how to display recent posts?
- Options for restricting access to wp-admin
- Rewrite /?rest_route=/ link to /wp-json/ without changing default permalink structure in apache
- Globally force SSL on all pages
- Serve apache 404 for missing assets rather then wp 404 template WP_Rewrites
- Isolating WordPress to a subfolder
- Remove year and month in URL using .htaccess
- index.php not loading in main folder of wordpress
- Admin-Ajax.php, SSL, Non-SSL
- How to Block Access to Standard Login Flow and Comment Flow
- How disable SSL redirect for specific URL?
- WordPress site displaying 404 for any page apart from index
- Which ways can be used to log in to WordPress?
- Why does the header set X-Robots-Tag apply to all pages?
- Permalinks not working on second wordpress installed in a subdirect
- How to avoid wordpress permalink rules to inherit in a sub-folder
- How to change “wp-admin” to something else without search-replacing the core?
- Error:406 not acceptable
- Unable to access WP admin
- .htaccess Rewrite URL WordPress
- Move wordpress to folder without changing urls
- Rewrite rule not working
- A plugin changes my .htaccess file and I can’t access httpd.conf as that’s a shared server
- Cant block wordpress readme files
- Change wp-content without changing the name of the folder
- 404/500 error on /wp-json
- WordPress keeps deleting .htaccess file
- Correct htaccess to display page while also passing in GET parameters
- What is the role of .htaccess file in WordPress?
- Using WordPress only for the backend, and using AngularJS as a frontend
- Temporary .htaccess blocking is disabling WP Crons from running?
- Block access to wp-admin
- How to restrict access to wp-content, wp-includes and all sub-folders
- Two domains on one WordPress Installation
- .htaccess redirects disappeared after re-saving permalinks
- Protect Upload Folder Files With Ampersand Problem
- How have I misconfigured basic auth for my wordpress site?
- Remove File Extension for Page Outside of WordPress
- Is it possible to dynamically redirect URL using htaccess?
- How can I code my plugin to safely modify .htaccess?
- Prevent users from browsing through the media galleries
- .htaccess for wordpress in separate folder
- How to modify the .htaccess to force ssl on login and admin pages
- WordPress trims off the forward slash when import
- WordPress mod_rewrite is canceling/overwriting my other mod_rewrite rule
- .htaccess and WordPress Admin Bar
- WordPress best solution shared theme for consumers and businesses (two url’s one instaltion)