As long as a plugin is blocking excess login attempts, then I am not sure that additional protection is needed. The plugin should be protecting against the attempts at credential guessing.
There will always be login attempts on sites, even if they aren’t WP sites. You could look at your access logs (filtering by a 40x result code) and see tons of attempts to access things that aren’t available on your site. Part of the way things are.
As long as you are blocking excess logins, and have strong passwords for your accounts, I don’t see the advantage of an additional layer of security (via htaccess passwords).
Those login attempts will always be happening. Your defense against them is the plugin that limits login attempts, and strong passwords.
Related Posts:
- Attach to wp-login.php and xmlrpc.php
- Basic Auth .htaccess on wp-login, but allow logout from woocommerce
- Improve wordpress security by hiding non public resources
- Does this .htaccess security setting really work?
- Change Login URL Without Plugin
- File and directory permissions
- adding rewrite rules in .htaccess
- Using “wordpress_logged_in” to restrict direct access to uploads folder in 2021
- WordPress URL/Folder ReWrite using Htaccess
- Which WordPress scripts need to be executable for a fresh installation?
- XMLRPC filtering through htaccess not working
- Restricting user login by IP address
- WordPress: Adding Security
- How do I test to ensure that my wp-config file is protected?
- WordPress not seeing .htaccess rules
- Rules in .htaccess only if the requested URL is /wp-admin
- Disable directory browsing of uploads folder
- Strange behaviour of is_user_logged_in() and get_current_user_id()
- Selectively Disabling PHP via .htaccess in Root Directory
- Should I prevent access to .htaccess and wp-config.php files?
- Blocking wp-login in HTACCESS has also blocked password protected pages
- Using htaccess to prevent spam through wp-comments-post.php
- How can I create a private site that is inaccessible from the outside?
- Restrict Content for only Contributors via .htaccess
- Allowing access to certain WordPress created pages or posts with htaccess / htpasswd
- Why is this line of code Wrong in every WordPress .Htaccess security article?
- htaccess rewrite conflict with wordpress rules and ssl
- Options for restricting access to wp-admin
- Serve apache 404 for missing assets rather then wp 404 template WP_Rewrites
- Remove year and month in URL using .htaccess
- Permalinks not working on second wordpress installed in a subdirect
- Unable to access WP admin
- Move wordpress to folder without changing urls
- Change wp-content without changing the name of the folder
- Using WordPress only for the backend, and using AngularJS as a frontend
- Two domains on one WordPress Installation
- Protect Upload Folder Files With Ampersand Problem
- .htaccess and WordPress Admin Bar
- Setup Permanent 301 Redirects after moving to Https [closed]
- Force www to non-www on a subdomain in WordPress?
- WP site URL changed to have HTTPS but still homepage does not redirect
- need a help for modify .htaccess rule [closed]
- Cache policy not updated according to PageSpeed
- .htaccess ‘down for maitenance’ and WordPress
- What’s the opposite of required valid user in .htaccess authentication
- deny IPs from wp-login using .htaccess
- Which is better: 301 Redirect in my .htaccess file or a plugin like Redirection?
- Fixing custom 404 pages broken by WordPress in a subdirectory
- I can’t access the admin panel links as I click it shows 403 error
- Https Redirect infinite loop in Mobile browsers
- How to hide login form if basic authentication fails?
- How to Change The WordPress Login URL Without Plugin
- .htaccess rewriting old RSS feed URL to WordPress feed URL
- .htaccess rules for blocking bots with an extra condition
- How can I set Cache TTL for woff and woff2 font files with htaccess?
- WordPress – Promoting A Dev Build In A Subdirectory To Production / Root Directory
- How can I fix the redirect chain after implementing ssl on wordpress?
- .htaccess RewriteRule always overwritten – how to prevent?
- Redirect old domain with query paramaters
- What might be removing my redirects from my htaccess?
- WordPress .htaccess to consider blog as directory
- Force non-ssl on WordPress RSS feeds in htaccess, using cloudflare
- Protect wp-login, but get an internal server error
- Local wordpress install only shows home page, all other pages Not Found
- WordPress is rewrite my htacces file. I adding a font rule
- Redirect within wordpress template/plugin
- Redirect wrong links WordPress
- How to deny access to a particular wordpress site url
- Accepting special characters in querystring
- Centos 7.2 wordpress on going to /admin shows Forbidden You don’t have permission to access /wordpress/wp-admin/ on this server
- Multiple wordpress installations on same server
- Cannot access subdirectory subpages
- WordPress constantly running out of memory
- Home links redirects to old site
- How can I create a smarter .htaccess file that will add a directory?
- .htaccess found in every folder
- Help with htaccess querystring rewrite
- Configure .htaccess to have a WordPress single site installation with all subdomains pointing to the same pages?
- How do I properly redirect requests to WordPress subdirectory?
- Rewriting subfolders to specific parent folder in WordPress
- Redirect default pagination page to template page’s pagination
- domain redirection is not working from old to new
- Deny,Allow on .htaccess isn’t working
- Redirect after login when WordPress in subdirectory
- Remove subdirectory from links
- modifying htaccess for localhost with a custom port
- Leverage browser caching
- WordPress URL not working?
- How to direct users to a subcatalog
- How to block wordpress admin by htaccess
- htaccess conflict between WordPress and password protected subdirectory
- Using subdomain as primary domain
- Redirect from domain.com to subdomain.domain.com
- Add-on domain works in WordPress but links still lead to subdomain
- In a subdomain network, what .htaccess settings can I use to have WP ignore requests to one subdomain?
- htaccess rule to ignore specific subdomain [closed]
- Hardening WordPress – how to set .htaccess permissions?
- FilesMatch in htaccess
- Interaction of .htaccess, WP_HOME, and WP_SITEURL
- malware affecting backend of wordpress website-could be .htaccess file