Sadly it’s not uncommon to receive many rogue login attempts. If you have a strong password policy this actually shouldn’t worry you too much.
If there is a limited amount of people with logins and they work from fixed addresses, you can block acces to that page by writing a rule in your .htaccess
that blocks all visitors from wp-login.php
except those with certain ip-addresses.
Also, security plugins like iThemes can track rogue plugin attempts for you, and issue bans as well as fix common security loopholes. But you can’t stop people from trying to get in, unless you decouple your site from the internet.
Related Posts:
- Verifying that I have fully removed a WordPress hack?
- If a hacker changed the blog_charset to UTF-7 does that make WordPress vulnerable to further attacks?
- Tips for finding SPAM links injected into the_content
- What should I do about hacked server?
- How can I find security hole in my wordpress site?
- How to prevent bot or someone to modify any file automatically?
- wp-config.php modified?
- Suspicious Files
- Malware script in database post table only? [closed]
- Verifying that I have fully removed a WordPress hack?
- How can I safely hide the fact that my website runs on WordPress? [closed]
- My WordPress Websites are always under attack
- How to find exploited wordpress plugin [closed]
- Any known bugs that could cause disappearance of the wp_users table?
- On new server, site got hacked, permissions a bit strange? Please help
- Replace domain in database
- Remove hacked code – out of ideas! [closed]
- WordPress Database Re-installed (Hacked)
- Verifying that I have fully removed a WordPress hack?
- Could a user account with a stolen password compromised entire WP site?
- how to find the way they hacked my WP site
- How to stop repeated hack on header.php of custom theme? [closed]
- Is my WP site being hacked?
- Should WordPress Add Options to Enhance Security or Leave it to plugin developers? [closed]
- WordPress Hacks/Defacing [closed]
- what is a auth_user_file.txt?
- Is moving wp-config outside the web root really beneficial?
- Best way to eliminate xmlrpc.php?
- Should I remove install.php and install-helper.php?
- How do I technically prove that WordPress is secure?
- Which KSES should be used and when?
- Disable comment windows for all existing posts (pages/blogposts)
- How Attackers write script into my php files?
- Generate WordPress salt
- Vanilla WordPress install, what can/should I put in disable_functions?
- Stop wordpress automatically escaping $_POST data
- Secure my “add_settings_field” translation?
- how can i embed wordpress backend in iframe
- Handling nonces for actions from guests to logged-in users
- WordPress Logout Only If User Click Logout or If User Delete Browser History
- Can I force a password change?
- wp_insert_post disable HTML filter
- What is pclzip.lib.php file that wordfence think it’s a malicious code
- How to disable XML-RPC from Linux command-line in a total way?
- How to remove javascript malware in wordpress site [closed]
- Completely remove the author url
- Securing my WordPress Files and Directories
- Restricting access to content
- About WordPress site security
- Single sign-on: wp_authenticate_user vs wp_authenticate
- How to allow internal links using wp_kses filtration
- hSite has no css on mobile [closed]
- How does Cross Site Scripting (XSS) work exactly? [closed]
- How does the “authentication unique keys and salts” feature work?
- vs WordPress Security
- esc_html__ security : what for in this example?
- Using HTACCESS for Secret Access
- Definitive wordpress directory ownership and permissions on linux
- Dangers to allowing Access-Control-Allow-Origin: * for Feeds only?
- wordpress website host price and security [closed]
- Are there security risks in working directly in the themes folder that builds into a theme folder?
- Are un-sanitized theme options more vulnerable to malicious scripts than the theme editor?
- Hack-Proof OR Security in WordPress — is it real?
- Secure WordPress: Change admin
- Changing the default header name
- how much information can we hide when using wordpress cms?
- Wordfence detects change in wp-admin/includes/upgrade.php
- Basic password protection without using users and roles
- System setting changed by system user
- Does meta-data need to be sanitized?
- 404/500 error on content images if Referer header is from another domain [closed]
- Are SVG image files safe to upload? Why WP defines them as a security risk? [duplicate]
- Security issue with ‘paged’ and ‘posts_per_page’ parameters taken directly from a POST request?
- How to prevent to direct access of my custom plugin folder/files
- Checking for origin of a xmlrpc request
- RESTRICT EDIT of PHP files?
- wp-content – permissions for files/folders created by apache
- How can I restrict access to specific parts of a page, not just the page itself?
- User generated content and security
- Monitor wordpress all external calls
- Is it safe to use the basic administration with reduced rights for private member space
- Securing WordPress running on Azure platform
- Spam Registrations
- How can I have more confidence that WP plugins aren’t getting and storing user data?
- Standard Method for Securing a WordPress Site
- wordpress security (only one part of the site)
- Avoid ‘uploads’ 777 permissions: Potential threat or clean solution?
- Any way to disable /wp-login.php redirecting to the site folder?
- Folder Permissions + Security Concerns
- Malware/Permission bug removal?
- Step by Step Instructions for Making Media/Uploads Private to Only Logged-In Users
- Secure a WordPress website in 2019: one plugin or a combinations of them?
- What are the different types of firewall protections available for a WordPress website?
- Run a security scan on WordPress site that has .htaccess password [closed]
- Is this a WordPress security bug?
- Competitor is somehow accessing MetaData on a hidden WordPress site
- I am under DDoS. What can I do?
- SSH keypair generation: RSA or DSA?
- How do I protect my company from my IT guy? [closed]
- Does changing default port number actually increase security? [closed]