How to Block Author Scans to Stop Brute Force in WordPress

How to Block Author Scans to Stop Brute Force in WordPress

WordPress is one of the most popular CMS with over 35% of internet website are build on WordPress CMS at this time of writing this post. There other CMS like Squarespace, Joomla, Drupal etc but use by only fewer sites. WordPress is far ahead as compared to its competitor. Previously WordPress users to create a blog or website But now WordPress core code changed a lot as well as the massive ecosystem of Plugins and theme, you can create any type of website with WordPress.

As WordPress is more popular CMS, therefore, it is the main target for a hacker. As per Sucuri WordPress accounted for 90 per cent of all hacked CMS sites in 2018. WordPress is very secure by default itself most of the security breach occurs due to the use of theme and plugin from unauthorized sources. on WordPress Platform website security hardening means securing a website by reducing its surface of vulnerability. More use of theme and plugin, Showing directory or WordPress version provides a potential entry point to a hacker.

What is Brute Force Attack-:

A brute force attack is a trial-and-error method used to obtain information such as a user password or personal identification number (PIN). Brute force attacks may be used by criminals to crack encrypted data, or by security, analysts to test an organization’s network security. Using this technique, hackers use software designed to scan a website for vulnerabilities and gain access by exploiting any of them.

On WordPress Platform brute force bot can run author scan and find an entry point for their attack. Using Limit login attempt and Google Authenticator is a good choice to prevent from brute force attack. In this post, I will explain how you can prevent brute force attack using .htaccess file.

How to Block Author Scans to Stop Brute Force in WordPress-:

You can block Author Scans to Stop Brute Force in WordPress using .htaccess file. To locate your .htaccess file read my complete guide on How to Locate .htaccess file in WordPress. once you locate your .htaccess file add below code to your .htaccess file. Please note-: Take a backup of your .htaccess file before editing it, if anything happens in the wrong way you will have option to revert back all your changes.

# BEGIN block author scans
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} (author=\d+) [NC]
RewriteRule .* - [F]
# END block author scans

This will block bots from running author scans on your website. Your website users can still access the author pages, but bots will not be able to do so. It is always recommended to use Security plugin like Sucuri or Wordfence to safeguard your WordPress Website.

Conclusion-: If you are using Limit login attempt plugin and Google Authenticator then you are well protected against brute force attack. adding above code will add extra security to your WordPress website.

If you like my work, Please Share on Social Media! You can Follow WP knol on FacebookTwitterPinterestQuora and YouTube for latest updates. You may Subscribe to WP Knol Newsletter to get latest updates via Email. You May also Continue Reading my Recent Posts Which Might Interest You.

About Amar Patel 263 Articles
Hi, I am Amar Patel from India. Founder, Author and Administrator of I am a Simple Average Man who Loves life and Love living life.Professionally I am a Mechanical Engineer. Apart from my Job, I Love to write the things around WordPress WordPress CMS.