Apr 182013
Some of the posts I am seeing on the internet regarding the wordpress password crack via botnet is pretty funny as various people offer suggestions to fix the problem. The quickest fix is simple and although it protects the wp-admin page, it wont protect you from the inbound traffic or sql injection.
Set up a simple auth login:
Nginx example:
location ~ ^/wp-admin {
auth_basic “Restricted”;
# location of password file
auth_basic_user_file /path/to/password.dat;
}Apache example:
<Location /wp-admin>
AuthType Basic
AuthName "Site Admin"
AuthUserFile /path/to/password.dat
Require valid-user
</Location>You can then use htpasswd to generate the password file for username:
htpasswd /path/to/password.dat username