I am currently experiencing a brute force attack that is originating from a different IP every 2-10 seconds. It is trying to log in as admin, which I have set as a username to be instantly blocked. Since the IP address changes every time, this is not slowing the attack. Country blocking won't help because it would land up blocking everyone.
I would like to limit access to wp-login.php, for example by white-listing only my specific IP, and black-listing everything else.
I have tried this via .htaccess in the root like this:
<Files wp-login.php>
Order Deny,Allow
Deny from All
Allow from my.ip.add.ress
</Files>Sadly this doesn't seem to be working. I'm still seeing a new login attempt every few seconds via the life traffic panel.
It would be great if this sort of action could be done from within Wordfence. Or perhaps there is a different solution for this sort of attack.
Thanks!