A common technique hackers use to gain unauthorized access to websites is called "brute force". With this technique, attackers run software that scans a website for vulnerabilities and tries to gain access by exploiting any it finds. We use Sucuri for the security of our websites because it actively blocks malicious requests. One common entry point these brute force bots try to exploit is author scans. In this article, we will show you how to discourage brute force attempts by blocking author scans in WordPress.
Note: If you're already using a login-attempt limiter and Google Authenticator, then you're pretty well protected against brute force attacks.
First, let's understand what these brute force attempts are trying to do. They start by trying to find a username on your blog, for instance through the author ID: requesting ?author=1 makes WordPress redirect to that author's archive page, whose URL is typically built from the login username. Often the username used to log in to WordPress and the author's name are the same. Once they find a username, they have solved 50% of the puzzle. They then brute force your site to crack the password by trying many different password combinations.
To block author scanning on your website, simply add this code to the .htaccess file in your WordPress root directory.
# BEGIN block author scans
RewriteEngine On
RewriteBase /
# Refuse (403) any request whose query string contains author=<number>, case-insensitively
RewriteCond %{QUERY_STRING} (author=\d+) [NC]
RewriteRule .* - [F]
# END block author scans
This will prevent bots from running author scans on your website. Visitors can still reach author pages through their normal permalinks (for example /author/name/); only requests carrying an author=N query string are refused, so the rule changes nothing else about how your site works.
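As an added, defender-side example that is not part of the original article: the Python below mirrors the rewrite condition so you can check which request targets the rule would refuse, and scans Apache combined-format access-log lines (constructed samples, with assumed example IPs) for clients probing a run of ?author=N ids, which is what an author scan looks like in your logs.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Mirrors the .htaccess condition: RewriteCond %{QUERY_STRING} (author=\d+) [NC]
AUTHOR_QS = re.compile(r"author=\d+", re.IGNORECASE)


def rule_blocks(request_target: str) -> bool:
    """True if the rewrite rule would answer 403 for this path?query."""
    query = urlsplit(request_target).query
    return bool(AUTHOR_QS.search(query))


# Apache combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) '
)


def author_ids_per_ip(log_lines):
    """Map client IP -> sorted list of numeric author ids it probed via ?author=N."""
    seen = defaultdict(set)
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        for key, vals in parse_qs(urlsplit(m["target"]).query).items():
            if key.lower() == "author":
                seen[m["ip"]].update(int(v) for v in vals if v.isdigit())
    return {ip: sorted(ids) for ip, ids in seen.items()}


def enumeration_suspects(log_lines, threshold=3):
    """IPs that probed at least `threshold` distinct author ids (an enumeration sweep)."""
    return sorted(ip for ip, ids in author_ids_per_ip(log_lines).items() if len(ids) >= threshold)


# Constructed sample log lines (documentation-range IPs, not real traffic)
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /?author=3 HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Oct/2023:14:02:11 +0000] "GET /author/ian/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Oct/2023:14:02:15 +0000] "GET /?author=1 HTTP/1.1" 403 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(enumeration_suspects(SAMPLE_LOG))  # → ['203.0.113.7']
```

Run it against your real access log by reading the file into `enumeration_suspects`; a 301 status on these probes means the rule is not yet in place, a 403 means it is working.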
We hope you found this tip useful. We want to emphasize that this does not prevent brute force attacks; it is just a precautionary step you can take to discourage attackers. Someone who desperately wants to attack your site will find a way to do it. We strongly recommend that you use Sucuri and keep regular WordPress backups. P.S. Here are 5 reasons why we use Sucuri.
This tip was submitted by: Ian Armstrong