I was informed to do this, I added this to the top

I was informed to do this, I added this to the top of the .htaccess, would that work.
+ Add the following code to your .htaccess so that intruders can't scan your username database

# BEGIN block author scans
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} (author=\d+) [NC]
RewriteRule .* - [F]
# END block author scans

  • Tyler Postle

    Hey Orlando,

    Hope you are doing well today! Thanks for your question. That blocks bots from running author scans on your website; in other words, makes it more difficult for a hacker to find the admin username of the site, which they can then perform a brute force attack on. A brute force attack is usually performed by a program that tries over and over and over again to guess your admins password until it is eventually successful.

    One of the best ways to stop against an attack like this, and you'll see many sites do this, is limit the number of login attempts. Limit it to say 5 attempts that it blocks the IP or account, whichever. There is this plugin; however, it hasn't been updated in awhile, should be others that will be similar: https://wordpress.org/plugins/limit-login-attempts/

    I notice you are already using our anti-splog plugin as well. That will help keep your site secure too :slight_smile:

    Hope this helps! Let us know if you have any further questions.

    All the best,

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.