Apr 18 2013
 

Some of the posts I am seeing on the internet regarding the WordPress password crack via botnet are pretty funny as various people offer suggestions to fix the problem. The quickest fix is simple and, although it protects the wp-admin page, it won't protect you from the inbound traffic or SQL injection.

Set up a simple auth login:

Nginx example:

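# nginx serves a request from one location only and takes the first regex
# location that matches, in file order. Make sure .php requests under
# /wp-admin get both this auth rule and the site's PHP handler.
location ~ ^/wp-admin {
        auth_basic "Restricted";
        # location of password file
        auth_basic_user_file /path/to/password.dat;
}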

Apache example:

<Location /wp-admin>
	AuthType Basic
	AuthName "Site Admin"
	AuthUserFile /path/to/password.dat
	Require valid-user
</Location>

You can then use htpasswd to generate the password file for username:

# -c creates the file (and overwrites an existing one); omit it when adding more users
htpasswd -c /path/to/password.dat username
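
After reloading the web server, it is worth confirming that an unauthenticated request really is met with a Basic challenge. The script below is an added example, not part of the original post; the names `probe`, `audit` and `PATHS` are hypothetical, and `/wp-login.php` is included as an assumption because the login form is served from the site root, outside the `/wp-admin` location.

```python
"""Probe a site you run for an HTTP Basic challenge on WordPress entry points."""
import sys
import urllib.error
import urllib.request

# /wp-admin/ is the path the configs above cover. /wp-login.php is added here
# as an assumption: the login form is served from the site root, not /wp-admin.
PATHS = ("/wp-admin/", "/wp-login.php")


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse redirects so the first response is the one that gets judged."""

    def redirect_request(self, *args, **kwargs):
        return None


def probe(base_url, path, timeout=5):
    """Send one GET without credentials; return (status, challenged)."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(base_url.rstrip("/") + path, timeout=timeout) as resp:
            status, headers = resp.status, resp.headers
    except urllib.error.HTTPError as err:  # 3xx, 4xx and 5xx are raised
        status, headers = err.code, err.headers
    scheme = (headers.get("WWW-Authenticate") or "").split(" ", 1)[0].lower()
    return status, status == 401 and scheme == "basic"


def audit(base_url, paths=PATHS):
    """Map each path to True when the server demands Basic credentials."""
    return {path: probe(base_url, path)[1] for path in paths}


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_basic_auth.py http://127.0.0.1:8080")
    results = audit(sys.argv[1])
    for path, ok in results.items():
        print(f"{'CHALLENGED' if ok else 'NO AUTH':10}  {path}")
    sys.exit(0 if all(results.values()) else 1)
```

The exit status is non-zero when any probed path answers without a challenge, so the script can run as a post-deploy check.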