Comments on: Protecting WordPress Login Page from Attacks

By: Kent C

Kent C — Fri, 17 Mar 2017 18:46:45 +0000

In reply to Sunil Gupta. I would also like to alert users who decide to use Google Chrome Browser that even if you are able to correctly input the user/password which works in Microsoft Edge/IE11, you will still receive the following error "Unauthorized" when you try to login using WordPress attack protection CAPTCHA. I would also like to submit that I've run into this problem using that method of protection. This is an error that needs to be corrected.

By: Jason Douglas

Jason Douglas — Mon, 11 Apr 2016 16:38:35 +0000

@Sunil Gupta. Yes, I am having the exact same problem. I was able to access the dashboard for our sites using Safari, but this is an issue for us as well.

By: Makey

Makey — Mon, 04 Apr 2016 16:05:53 +0000

I used your second method…..Now my ip address is going to change in a few days …..no do i need to remove code from htaccess??????????

By: Salman Khattak

Salman Khattak — Fri, 25 Mar 2016 16:44:45 +0000

@Sunil: Thank you for mentioning the bug in Chrome. I wasted a lot of time trying to figure out where is the captcha username/password.

By: Sunil Gupta

Sunil Gupta — Mon, 14 Mar 2016 04:43:29 +0000

Does anyone notice that when accessing your admin page on Chrome, the AuthName value doesn’t appear in the popup? It should say, “WordPress attack protection CAPTCHA. Enter username…” to give you a hint as to what this is about but instead just says to enter your username and password.

By: Michael Breen

Michael Breen — Thu, 13 Aug 2015 14:33:52 +0000

I was not able to get the apache directive to work. Instead I used:

Order Allow,Deny
Allow from xxx.xxx.xxx.xxx

When you use Allow,Deny and you match both the Allow and Deny the default is to Deny, which didn’t work.

By: Joanna

Joanna — Fri, 22 Nov 2013 13:40:25 +0000

I had big problem with brut attacks to our web page. web provider block our page because we were 900% over procesor using limits. I used plugin Limit Login Attempts and it looks it works! I understand that it is good option also if I have dynamic IP addresses.

By: chris faron

chris faron — Mon, 15 Apr 2013 22:31:25 +0000

I had problems getting it to work correctly, I used this instead:

Order Deny,Allow
Deny from all
Allow from xxx.xxx.xxx.xxx

By: Wesley Bauerle

Wesley Bauerle — Fri, 12 Apr 2013 17:29:50 +0000

I like all of what I read except the suggestion in #2 to limit access from all IP addresses other than a specific IP… some people like myself have internet providers that change the IP address when we reset the Cable Modem. (non-static address or pseudo-static) So… if someone who doesn’t know better follows your instructions they may be later unable to log in to their wordpress! Otherwise this full of great suggestions.

By: GreenGeeks

GreenGeeks — Fri, 12 Apr 2013 16:31:02 +0000

In reply to Wesley Bauerle. Totally true. However it's a suggestion nevertheless. We'll make an update to the suggestion.