Someone is trying really hard to sneak into my admin dashboard


It’s been happening since today morning from different IP addresses. Should I ignore or is there something else I can do?


Bots usually try with common username and password. You can restrict the page access to a country or just leave it, they never gonna break it.

RewriteEngine on
RewriteCond %{REQUEST_URI} ^/wp-login(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^/login(.*)$ 
RewriteCond %{HTTP:CF-IPCountry} !^(IN)$
RewriteRule ^(.*)$ – [R=403,L]

If you use Cloudflare, place above code in your .htaccess. This will block all request coming to login page from outside country.

More tips


You can Secure the WordPress Login Page by Limiting Access to Certain Country.


You can use wps hide login plugin to rename your login page to something secret.