I am sure, you have already heard about the brute force attack. Well, it’s about scanning your WordPress website for vulnerabilities to exploit it.
Every WordPress security consists of a point to limit your login attempts or any security plugin, which controls everything.
Now, let me make you understand a little bit about author scanning. When hackers scan your website and try to get the author ID, which then solves 50% of their work because they can find out the password by trying different combinations.
At this point, if you disable author scanning, no one can find out the author ID, and your website is safe from the brute force attack.
To block the unknown users, by trying different password combination, it’s important to limit the login attempts. Every time you read something related to WordPress security, make sure you do some research.
In this tutorial, you’re going to learn a convenient method to discourage brute force attack by disabling author scanning.
You may be wondering if you require any coding skills. Well, all you need is to copy and paste the code in a file.
A Step By Step Process to Discourage Brute Force Attack
Now and then, you may encounter with wp-config.php and .htaccess files. These are two most important files of a WordPress site.
In this tutorial, you need .htaccess. If you use the Yoast SEO plugin, you can edit the file from your admin area. But it’s always a good idea to use cPanel, from which you can backup the file before editing.
Now, I must mention that having the full backup of your WordPress website and its database is vital for safety. It’s possible that you can break your site with any wrong code placement.
Although there is nothing complicated, still it’s better to take precautions.
Let me show you the required steps.
Step 1:
As usual, you need to open your cPanel account and find the Files’ section, under which you can easily spot the file manager icon.
Depending on your web hosting service, you can notice a different layout.
You may already know that every almost every web hosting company uses a different design template for its cPanel. So, there is nothing to worry about.
All you need is to find out the file manager and click to open.
Step 2:
By default, it’s possible that you see the home directory. But you need to look at the public_html directory, where all the files and folder of the WordPress site are available.
You can accomplish it by clicking on public_html from the left-hand sidebar of cPanel.
Step 3:
Scroll down, and you can easily spot the .htaccess file. If you don’t see it, it means you need to update the cPanel settings.
Go to the top-right corner to click on the Settings’ button. A popup appears, from which you need to check the box to display hidden files.
You should know that .htaccess is a hidden file and a “dot” as the prefix is the sign.
Step 4:
If you still don’t see it. It’s because you host multiple websites on the same server. If you do, open the domain name folder and then search for .htaccess.
Find it and right-click to choose an edit option.
Step 5:
A popup appears to allow you disable encoding. But you don’t need to change anything. Click on the Edit button.
Step 6:
A new tab opens up in your web browser. It consists of all the coding files.
Note: If you’re scared, it’s better to backup the .htaccess file by double-clicking.
Now as you have seen the file, copy and paste the code shown below.
# Block Author Scans
RewriteEngineOn
RewriteBase /
RewriteCond%{QUERY_STRING} (author=d+) [NC]
RewriteRule .* - [F]Make sure you add it before #End WordPress. Once you add it, click on the Save Changes button displaying at the top-right corner.
Congrats, from now onwards, no one will be able to scan authors of your WordPress website.
Isn’t That Easy to Disable Authors Scanning
Securing your WordPress website should be one of the most important goals. While running anything online, it’s essential to keep everything updated.
You may already know hackers always try to find the websites with any vulnerability. And you shouldn’t leave any on your site.
Conclusion
You may be wondering if any security plugin can accomplish such a task. Well, it depends, because there are many plugins in the market.
Even if you’re a non-techie person, editing the .htaccess file isn’t a big deal.
Check out these top 3 WordPress hosting services:
- Click here to get the best wordpress hosting specialized for wordpress.
