Here's a very simple way to avert attacks on your WordPress site. In most cases, hackers will try to attack a WordPress site by directly accessing wp-login.php or admin-ajax.php.The following code, added to your site's .htaccess file, redirects hackers to a fake url. Make sure you change the IP address to your IP address in the code, otherwise you'll be redirected as well.
Grant a single IP Address access:
## .htaccess rule to prevent an attack that from happening on this site. # Please edit the 123.45.67.89 numbers to match your own IP address. # For example, the IP 64.207.234.198 needs to # be changed to look like !64.207.234.198 in the rule. ##RewriteEngine On RewriteCond %{REMOTE_ADDR} !123.45.67.89 [NC] RewriteRule .* [R=301]
To grant multiple IP addresses access, change the following line:
RewriteCond %{REMOTE_ADDR} !123.45.67.89 [NC]
To:
RewriteCond %{REMOTE_ADDR} !(123.45.67.89|123.45.67.89) [NC]
