WordPress is often an easy target for brute force password attacks. One way you can help protect your sites is to add an additional level of security, limiting access to the login pages that WordPress normally exposes. Once set, the user has to enter an additional username and password before getting access to the default WordPress login screen. Using a complex username and password with .htaccess will definitely make your site less vulnerable.
First off, create a password file – you can use this handy password generator.
Connect to your web hosting by FTP or SSH and create a .htpasswd file (I like to create it in the root folder). Paste the contents from the password generator and save the file.
Next, locate the wp-admin folder (or any other folder you wish to protect) and create a new file called .htaccess.
Edit the file and add the following content (replace /path/to with your own path):
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /path/to/.htpasswd
Require valid-user
Then edit the .htaccess file located in the root WordPress folder (where you will also find the file wp-login.php).
Add the following lines (again, replace /path/to with your own path). The Files section limits the password prompt to wp-login.php, so the rest of the site stays public:
<Files wp-login.php>
AuthType Basic
AuthName "Restricted Access"
AuthUserFile /path/to/.htpasswd
Require valid-user
</Files>
Finally, if you are on the receiving end of abuse from fixed IPs, you may also wish to deny them access by adding these lines to your .htaccess file (replace 0.0.0.0 with the offending address):
Order Deny,Allow
Deny from 0.0.0.0
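
The wp-admin and wp-login.php steps above can be applied from an SSH session with the script below, an added example that is not part of the original article. It assumes a .htpasswd file already exists at an absolute path; the function names and the BEGIN/END marker comments are hypothetical, and the root-level rules are scoped to wp-login.php with a Files section.

```shell
#!/bin/sh
# Added example (not from the article). Usage: sh protect.sh WP_ROOT HTPASSWD
# Assumes HTPASSWD already exists; function and marker names are hypothetical.

auth_block() {
    # The four directives from the article; the path is quoted so spaces survive.
    printf 'AuthType Basic\nAuthName "Restricted Access"\n'
    printf 'AuthUserFile "%s"\nRequire valid-user\n' "$1"
}

protect_wp_login() {
    wp_root=$1
    htpasswd=$2
    marker='# BEGIN login-basic-auth'   # lets a second run detect earlier output

    # Apache resolves a relative AuthUserFile against ServerRoot, so insist on absolute.
    case $htpasswd in
        /*) ;;
        *) echo "AuthUserFile must be an absolute path" >&2; return 1 ;;
    esac
    [ -s "$htpasswd" ] || { echo "missing or empty: $htpasswd" >&2; return 1; }
    if [ ! -f "$wp_root/wp-login.php" ] || [ ! -d "$wp_root/wp-admin" ]; then
        echo "$wp_root does not look like a WordPress root" >&2; return 1
    fi

    # wp-admin/.htaccess protects the whole admin directory.
    admin_ht=$wp_root/wp-admin/.htaccess
    if ! grep -qF "$marker" "$admin_ht" 2>/dev/null; then
        { printf '\n%s\n' "$marker"; auth_block "$htpasswd"
          echo '# END login-basic-auth'; } >> "$admin_ht"
    fi

    # Root .htaccess, scoped to wp-login.php so the public site stays open.
    root_ht=$wp_root/.htaccess
    if ! grep -qF "$marker" "$root_ht" 2>/dev/null; then
        {
            printf '\n%s\n' "$marker"
            echo '<Files wp-login.php>'
            auth_block "$htpasswd"
            echo '</Files>'
            echo '# END login-basic-auth'
        } >> "$root_ht"
    fi
}

# Only act when called with both arguments.
if [ "$#" -eq 2 ]; then
    protect_wp_login "$1" "$2"
fi
```

Running it twice leaves a single copy of each block. Afterwards an unauthenticated request for wp-login.php should come back as 401 while the home page still loads.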