Share via


IIS: How to Protect Your WordPress Site from Brute Force Attacks.

Brute-force attacks can slow down your Wordpress website, make it inaccessible and even crack your password to install malware on your website.
You can stop it using the following solution (in web.config):

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  </system.webServer>
    <!-- Existing Configuration Excluded -->
    <location path="wp-login.php" overrideMode="Allow">
        <system.webServer>
            <security>
                <authentication>
                    <anonymousAuthentication enabled="false" />
                    <windowsAuthentication enabled="true" />
                </authentication>
            </security>
        </system.webServer>
    </location>
</configuration>

Important: This solution assumes that you have following IIS components installed:

  • anonymousAuthentication
  • windowsAuthentication