This post is also available in: Japanese
Wordpress hacking attacks were becoming badly especially this year.
By applying Basic authentication to admin.php and wp-login.php of wordpress, it is a simple but hacking of the site less likely to be.
If you have access to wp-login.php(wordpress login screen) by applying the Basic authentication, you will be prompted for a password and user name, as in the image.
There is a [Brute force attack] and [Dictionary attack] to the famous hacking method.
[Dictionary attack]to attack and dictionary of the anticipation of ID / PASS wordpress user is likely to use.
[Brute force attack] to attack to try to order a combination of string.
Safety is enhanced that is different from the wordpress ID/PASS of Basic authentication.
The plug-in [Simple Login Lockdown] is recommended as a counter to the [Brute force attack].
Please refer to the article [How to remove Simple Login Lockdown when you can not log in].
Apply the Basic authentication to wp-login.php/admin.php of wordpress
AuthUserFile home/www/.htpasswd AuthName "Input UserName And Pass" AuthType Basic <Files wp-login.php> require valid-user </Files> <FilesMatch "\/?wp-admin"> require valid-user </FilesMatch> <Files wp-admin/admin-ajax.php> Satisfy any order allow,deny allow from all </Files> # Exclude the file upload and WP CRON scripts from authentication <FilesMatch "(async-upload\.php|wp-cron\.php|xmlrpc\.php)$"> Satisfy Any Order allow,deny Allow from all Deny from none </FilesMatch>
1.Create [.htaccess] file in the same directory as the wp-login.php
2.Copy and paste the above code.
3.Change the full path from the root directory the part of the [home/www/.htpasswd] of [AuthUserFile] to put [.htpasswd] file.
4.Create [.htpasswd] file in the location that you specify.
5.Tools link below, generate a UserName/PASS to be used when the Basic authentication.(PASS and UseName you like)
6.Paste to [.htpasswd] code that is generated.
7.To operation verification try to access management screen(wp-admin.php) and login screen(wp-login.php).
If the failure occurs, please remove the code that you copy and paste the above [.htaccess] file.
User:Hakre/Htaccess Auth Excludes « WordPress Codex