WordPress Brute Force attack .htaccess rules not working

  • Answered
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
*** Added this line, the xxx is not in the file, just here
RewriteCond %{REMOTE_ADDR} !^xxx\.119\.186\.66$
Hello J_Giles, and thank you for you question, and sorry to hear you're having some issues. Were you getting directed to our support article about the recent WordPress brute force attack from our server itself? If so, that means that our ModSecurity rules had been triggered and blocked your access. You should be able to lock down the WordPress admin login with .htaccess to stop that from happening, by only allowing your IP address access to the administration section. However the current .htaccess rules you've posted seem to be injected into the main WordPress rewrites themselves. Our .htaccess rules should be placed at the top of your file. The rule you're using now breaks down to: RewriteCond %{REQUEST_FILENAME} !-f - If requested file doesn't exist RewriteCond %{REQUEST_FILENAME} !-d - If requested directory doesn't exist RewriteCond %{REMOTE_ADDR} !^xxx\.119\.186\.66$ - If the requesting IP isn't xxx.119.186.66 Below those lines should be the default WordPress one directing all those requests to index.php RewriteRule . /index.php [L] So the current way you've got it set up, it should be blocking your access to WordPress completely. You'd want to instead, use: RewriteCond %{REMOTE_ADDR} ^xxx\.119\.186\.66$ If you want to only allow yourself access to the WordPress site, but deny everyone else from getting redirected to the index.php page. However, I would instead recommend using our tactic for specifically limiting access to the WordPress admin section, instead of to all of WordPress. That would look similar to this:

RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123$
RewriteRule ^(.*)$ - [R=403,L]

I didn't see an account with us, associated with the email address you have registered here in the community support center, so I wasn't able to fix this for you. If you're still having any issues at all gaining access to your WordPress website after following these suggestions, please be sure to let us know! - Jacob