WordPress Administrator Area Access Disabled – Brute Force Attacks

When trying to access the admin area (wp-admin / wp-login) of WordPress, you get this error:

WordPress administrator area access disabled temporarily due to widespread brute force attacks.

This is probably because your host has been hacked. To work around this (until your host can fix the actual problem), connect to your web hosting server using ftp or the provided Control Panel and edit the .htaccess file that is located in the root of your WordPress installation directory. To prevent the disabled administrator area access append the following code to the .htaccess file:

<Files ~ “^wp-login.php”>
Order deny,allow
Deny from all

Allow from xxx.xxx.xxx.xxx
</Files>

Change xxx.xxx.xxx.xxx to the IP address that you wish to enable access from. Note: This is the IP address of the internet facing NIC on your router. To get the IP address, type what is my ip address into Google 😉

To add multiple IP addresses, separate them with a space.

This will then enable access to the administrator area in WordPress. Next, change your website over to a decent web hosting company or contact your current host and get them to fix their vulnerabilities.

VN:F [1.9.22_1171]
Rating: 0.0/10 (0 votes cast)

Leave a comment

Your email address will not be published. Required fields are marked *