Hey friends,
I have to tried to make my website secure against brute force attacks but I’m not sure it’s working. I need your advice.
I have removed all access to my wp-admin page through a ‘deny’ line in the .htaccess file as shown below, and it’s working as the page shows 403 inaccessibility error. But WordFence is reporting 286 Blocked counts and 29 Login attempts.
<Files wp-login.php>
order deny,allow
Deny from all
</Files>
How can they have login attempts if access to the login page is completely removed?
My host claims to have strong security measures and I’m using 2FA through WordFence Free version. I unistalled loginizer after blocking all IPs through .htaccess.
Do you have a better process to make your websites secure against these login attempts? I’m wondering if I’m doing too little.
[ad_2]
Cloudflare Firewall Rules
Did you block access to the Xmlrpc.php file?
If not, you should