Hi All,
A few comments. Please DO NOT follow the advice in that Sucuri blog entry. They're telling you to add a hostname to your .htaccess file in the form of:
"Allow from example.com"
The reason you don't want to do that is because anything that accesses your login URL will cause your web server to do a forward AND reverse DNS lookup which can take a very long time. This occupies an Apache thread or child process completely until it's complete. If you are experiencing a distributed attack where several IPs are simultaneously hitting your login URL, it will make your site unavailable as each Apache child/process is doing a forward and reverse lookup.
From the Apache documentation:
"This configuration will cause Apache httpd to perform a double DNS lookup on the client IP address, regardless of the setting of the HostnameLookups directive. It will do a reverse DNS lookup on the IP address to find the associated hostname, and then do a forward lookup on the hostname to assure that it matches the original IP address. Only if the forward and reverse DNS are consistent and the hostname matches will access be allowed."
http://httpd.apache.org/docs/current/mod/mod_access_compat.html#allow
I also don't recommend allowing from a specific IP address because your IP will inevitably change and you'll be locked out. However, as another poster confirmed, if you don't mind FTP'ing into your site and changing that IP address to your new IP address (and you know how to do this) then this method will work OK.
If you're under a severe brute force attack my best advice is the following:
Enable Falcon Engine which will speed up your website and cause Wordfence to block IPs in your .htaccess file. This is very fast and causes any attacker to consume very little resources.
Next, set your login limits to lock out anyone after 5 failures and to count failures over 1 hour. This will very effectively keep brute force attackers out of your site.
Also make sure you have the Wordfence security network enabled. This will instantly lock out IPs participating in a distributed brute force attack.
Regards,
Mark.
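To check an existing .htaccess for the hostname-based rules discussed in the post above, the following sketch flags every `Allow from` / `Deny from` argument that is a domain name rather than an IP address, network, `all` or `env=` value. It is an added example, not part of the original post or of Wordfence; the function names and the sample file are constructed for illustration.

```python
import ipaddress
import re

# Partial IPv4 such as "10.1" or "192.168." is a valid Allow/Deny argument.
PARTIAL_IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){0,3}\.?$")
# Comment lines start with "#", so they never match this pattern.
DIRECTIVE = re.compile(r"^\s*(allow|deny)\s+from\s+(.+)$", re.IGNORECASE)


def is_hostname(token):
    """True when an Allow/Deny argument is a full or partial domain name."""
    lowered = token.lower()
    if lowered == "all" or lowered.startswith("env="):
        return False
    if PARTIAL_IPV4.match(token):
        return False
    try:
        # Accepts full IPs, CIDR, network/netmask pairs and IPv6 subnets.
        ipaddress.ip_network(token, strict=False)
        return False
    except ValueError:
        return True


def find_dns_rules(htaccess_text):
    """Return (line_number, directive, hostname) for rules that force DNS lookups."""
    hits = []
    for number, line in enumerate(htaccess_text.splitlines(), start=1):
        match = DIRECTIVE.match(line)
        if not match:
            continue
        for token in match.group(2).split():
            if is_hostname(token):
                hits.append((number, match.group(1), token))
    return hits


# Constructed sample protecting a login URL.
SAMPLE = """\
# constructed sample
<Files wp-login.php>
Order Deny,Allow
Deny from all
Allow from example.com
Allow from 203.0.113.10 198.51.100.0/24
Allow from 10.1 2001:db8::/32 env=trusted
# Allow from commented.example.net
</Files>
"""

if __name__ == "__main__":
    for number, directive, host in find_dns_rules(SAMPLE):
        print(f"line {number}: '{directive} from {host}' triggers a double DNS lookup")
```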