Block 99.99% of hacking bot attacks on WordPress via htaccess

If your host keeps telling you that you’re using too many resources, it’s possible that you have a bot problem. Hackers create bots to break into WordPress websites via the login screen (also known as wp-admin). By just adding this code to your .htaccess to block 99.999% of no-referrer bots from your wp-admin.

Replace REPLACEWITHYOURURL with your own domain. No referrer bots are the ones that do a lot of brute force attacks on your WordPress site.

# block comment spam by denying access to no-referrer requests
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} wp-login\.php
RewriteCond %{HTTP_REFERER} !(.*)REPLACEWITHYOURURL\.com(.*) [OR]
RewriteCond %{HTTP_USER_AGENT} ^-?$
RewriteRule .* http://127.0.0.1/ [R=301,L]

Leave a Reply

Your email address will not be published. Required fields are marked *

//]]>