How to secure WordPress's login

Add the below to ~/public_html/.htaccess: (Don’t remove or replace anything in the file, just add the below at the top or bottom, if you are versatile, you are out of luck.)

 <Files "wp-login.php">
    Order deny,allow
    Deny from all
    Allow from server_ip
 </Files>
 <Files "xmlrpc.php">
    Order deny,allow
    Deny from all
    Allow from server_ip
 </Files>

~/public_html/wp-admin/.htaccess:

 order deny,allow
 deny from all
 allow from server_ip

To login, run “ssh user@server -D 9999”, then use a SOCKS proxy, 127.0.0.1, and port 9999. That works in Linux and macOS. Can’t help you if you use Windows.

Can you put more then one filename in the files thing?

How to secure WordPress's login

Related