Apr 182013

Some of the posts I am seeing on the internet regarding the wordpress password crack via botnet is pretty funny as various people offer suggestions to fix the problem.  The quickest fix is simple and although it protects the wp-admin page, it wont protect you from the inbound traffic or sql injection.

Set up a simple auth login:

Nginx example:

location ~ ^/wp-admin {
        auth_basic “Restricted”;
        # location of password file
        auth_basic_user_file /path/to/password.dat;

Apache example:

<Location /wp-admin>
	AuthType Basic
	AuthName "Site Admin"
	AuthUserFile /path/to/password.dat
	Require valid-user

You can then use htpasswd to generate the password file for username:

htpasswd /path/to/password.dat username

This site uses Akismet to reduce spam. Learn how your comment data is processed.