I have limited access to my wordpress login page by adding the following
.htaccess file to the
## due to brute force attacks, limiting access to specific ips order deny,allow deny from all allow from 24.xxx.xxx.xxx 66.xxx.xxx.xxx
I have had this in place for a day or three now and thought it was working. But today I got a notice from our security plugin that this site has had several failed login attempts. The failed login attempts were from an IP similar to this:
xing out the IPs for security measures, but wanted to give you an idea of the IP families that I am allowing vs. seeing attempting login.
So how would it be possible for a bot or person to be able to even arrive at the login page with this type of blocking in place?