Someone is trying really hard to sneak into my admin dashboard


#1

It’s been happening since today morning from different IP addresses. Should I ignore or is there something else I can do?


#2

Bots usually try with common username and password. You can restrict the page access to a country or just leave it, they never gonna break it.


#3
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/wp-login(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^/login(.*)$ 
RewriteCond %{HTTP:CF-IPCountry} !^(IN)$
RewriteRule ^(.*)$ – [R=403,L]

If you use Cloudflare, place above code in your .htaccess. This will block all request coming to login page from outside country.

More tips


#4

You can Secure the WordPress Login Page by Limiting Access to Certain Country.


#5

You can use wps hide login plugin to rename your login page to something secret.