After last attack on previous article, someone coming from ip 146.185.253.118 and login succesfully, and change wp password. After that, my site lock me down, because my password is incorrect after trying 2 times. WTF!! Now, i try to protect site manualy using .htaccess, that backend can open only from ip that i mentioned. BUT It Denies from all.

To do that, make .htaccess file like this.

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)?wp-login.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^123.123.123.123$
RewriteCond %{REMOTE_ADDR} !^123.123.123.123$
RewriteCond %{REMOTE_ADDR} !^123.123.123.123$
RewriteRule ^(.*)$ - [R=403,L]
</IfModule>
# END WordPress
<Files 403.shtml>
order allow,deny
allow from all
</Files>

insert multiple whitelist ip addresses by changing this line

RewriteCond %{REMOTE_ADDR} !^123.123.123.123$

change with your ip address –> 123.123.123.123 <–
to find your in just type “what is my ip” on google. and google will show your ip address.

after that. upload that file to your root server.