How to: Hacker Bot Lockout for Your Website – Quick and Dirty [emergency] #wordpress #websites #hacks #bruteforceattack

How to: Hacker Bot Lockout for Your Website – Quick and Dirty

[emergency hacker bot lockout] #wordpress #websites #hacks

How to: Hacker Bot Lockout for Your Website - Quick and Dirty

Obviously Nothing is fully ‘hack proof’ – I have no doubt that if Anonymous wanted to hack my site they could. But Anonymous are the good guys, they don’t go after little blogs like me, they’re out to help the little guy – that’s why we love Anonymous, but I digress.

I’m talking about hacker bots which have laid siege to the login page of my blog relentlessly attempting to hack into my site

In just 2 days 200 attempts were made to hack my site, most of those within 5 hours. I couldn’t block the IP’s fast enough! And lets face it, I have better things to do with my time then to block IPs every minute of the day.

This little trick came from esmi – Theme Diva & Forum Moderator at Esmi is brilliant!

Here is the quick and dirty trick.

Before you start, log in to your website.

1. download a copy of your .htaccess [use FTP]

2. rename the current .htaccess – OLD.htaccess, that way you have a copy in case you majorly screw up

3. open .htaccess in NotePad or I like to use Aptana Studio 3

4. add this code to the top of your .htaccess

order allow,deny
deny from all
allow from

5. change to your IP.

6. save and upload the edited .htaccess


This does have several down sides.
a. you can only login to your site from whatever IP address you put in there. The Cable company changed my IP the other day …. yeah that was fun. I had to get my new IP – not hard, but a pain. Then change it in the .htaccess. Then upload it. None of that was really hard, but not what I wanted to do first thing.

The other problem I found is that I use GoDaddy and that’s always problematic. I keep this .htaccess trick up all the time because my site is under attack all the time, but I usually make sure I’m logged in when I do it and I have my browser set to keep me logged in to my site. If I log out of my site I have to remove the .htaccess for a moment while I login and then put it back after.

And lastly this little trick won’t work if you have members who login. This only allows the person at the IP you specify to log into the website.

This is why I noted “emergency” in the title. If your site is under attack and you need something quick to lock them out so you can take a breath and work things out, this could be the perfect solution. However, it’s not the perfect long term solution.

Happy Blogging!

Elements used to create Featured image Artwork provided by Created by Jill.

Leave a Comment