Authorization protection wp-login.php (Password Protecting)

To protect wp-login.php against password brute forcing, you can use HTTP Basic Authentication. This is an additional layer of security, although an attack can also be directed at HTTP Basic Authentication itself.
To protect wp-login.php authorization from brute force, follow these steps:

1. Create a .htpasswd file using the htpasswd generator service.
2. Place it in the root directory, next to the .htaccess file.
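3. Add the following lines to the .htaccess file:

## Stop Apache from serving .htpasswd files
## (Apache 2.2 syntax; on Apache 2.4 without mod_access_compat use "Require all denied")
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>

<Files wp-login.php>
## AuthUserFile must be the absolute filesystem path to the file from step 2;
## Apache does not expand "~". Replace the placeholder below.
AuthUserFile /absolute/path/to/site/root/.htpasswd
AuthName "Private access"
AuthType Basic
## Must match the user name stored in .htpasswd
require user narayanprusty
</Files>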

However, there are several pitfalls here:
1) If the site has several authors, then you will not be able to give each author their own HTTP Basic Authentication password. It will be one for everyone.
2) It is possible that a robot or a person can guess both passwords.
3) If passwords are guessed at a high rate, the load on the server may increase, since the web server will create processes to verify user permissions.
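
The guessing described in pitfalls 2 and 3 shows up in the Apache access log as repeated 401 responses for wp-login.php. The following Python example is added here and is not part of the original article; it assumes the Apache "combined" log format, and the sample log lines, function names and threshold are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in Apache "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 401 381 "-" "curl/8.0"
203.0.113.7 - admin [10/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 401 381 "-" "curl/8.0"
203.0.113.7 - admin [10/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 401 381 "-" "curl/8.0"
203.0.113.7 - root [10/Mar/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 401 381 "-" "curl/8.0"
198.51.100.20 - - [10/Mar/2024:10:05:00 +0000] "GET /wp-login.php HTTP/1.1" 401 381 "-" "Mozilla/5.0"
198.51.100.20 - editor [10/Mar/2024:10:05:04 +0000] "GET /wp-login.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.55 - - [10/Mar/2024:10:06:00 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

# client IP, ident, auth user, [timestamp], "METHOD path protocol", status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)


def failed_basic_auth(log_text, target="/wp-login.php"):
    """Count 401 responses per client IP for requests to `target`."""
    failures = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m.group("path").split("?", 1)[0]  # ignore the query string
        if path.endswith(target) and m.group("status") == "401":
            failures[m.group("ip")] += 1
    return failures


def suspects(log_text, threshold=3):
    """IPs with at least `threshold` 401s. A normal browser produces one 401
    (the initial challenge) before a successful login, so the threshold
    must be greater than 1."""
    counts = failed_basic_auth(log_text)
    return sorted(ip for ip, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    print(suspects(SAMPLE_LOG))
```
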

