Protect your wordpress site from WordPress Global Brute Force Admin

Here is simple step by step to protect your wordpress site from WordPress Global Brute Force Admin:

1. If your password wasn’t long and complex enough, it’s good if you change it for more complex combination. Adding some special characters such as @#*$&%^! is a good idea.

2. Remove the “Drop” privileges on your MySQL user.

3. Install wordpress plugin to tighten your WP engine, such as WP security scan, WP firewall 2, TimThumb vulnerability scanner, Exploit Scanner, SI Captcha.

Another method to mitigate WordPress Global Brute Force Wp-Admin you can use Htaccess Password protect:

1. Generate the password file here: http://www.htaccesstools.com/htpasswd-generator/ and save in your wordpress folder as .wpadmin.

2. Insert this code in your .htaccess file.

ErrorDocument 401 "Unauthorized Access"
ErrorDocument 403 "Forbidden"
<FilesMatch "wp-login.php">
AuthName "Authorized Only"
AuthType Basic
AuthUserFile /home/username/.wpadmin
require valid-user
</FilesMatch>

change /home/username/.wpadmin to your folder structure.

hope it useful