WordPress 4.4.2 running Delicate theme.
legalcafe.com (our WP blog) is a subdomain pointing to a folder on our main site legalgrind.com. Our host is powweb.com. We have activated the BPS Brute Force Login plugin on WP and are getting many daily alerts. The most common solution appears to allow only a certain IP address to access the wp-admin.
My problem is that I am not a programmer (I only know html and css) and need things simplified more please. (You address this procedure in several posts on this forum.) First this is the code you recommend adding.
# Protect wp-login.php from Brute Force Login Attacks based on IP Address
<FilesMatch "^(wp-login\.php)">
Order Allow,Deny
# Add your Public IP Address using 2 or 3 octets so that if/when
# your IP address changes it will still be in your subnet range. If you
# have a static IP address then use all 4 octets.
# Examples: 2 octets: 65.100. 3 octets: 65.100.50. 4 octets: 65.100.50.1
Allow from 65.100.50.
</FilesMatch>My questions are:
What IP do I use, my own personal computer’s IP or the host’s IP?
What file (root htaccess or the subdomain’s wp-admin folder htaccess?) does this go on and where on the file (at the very top?), if it matters? I don’t need this protection on the root.
What should be stripped from above code? For example do I just remove the comments?
Thanks