If you’re a blogger who generally stays put and has a static IP address, there’s a simple and effective way to block the rest of the world from accessing your administration area. If they can’t access it, you’re protected from brute force attacks and any intrusion that involves navigating to /wp-admin.
There’s also the added benefit of blocking intruders from accessing your admin area even if they do somehow get your login details. Of course there’s still the chance of them fooling this method with IP spoofing, but it might just hold them off long enough for you to lock them out.
Anyways, log in to your server via FTP (or SFTP if you want to be extra awesome) and navigate to the /wp-admin folder. If you haven’t done so already, create a .htaccess file and place this code in there:
order deny,allow
allow from xxx.xxx.xx
deny from all
But wait! You’re not done yet…
Head over to whatismyip.com and find out what your IP address is. Replace xxx.xxx.xx with your IP address and save the file.
The problem with this method is that not all bloggers work from the same computer or IP address all the time. For those folk, you’ll want to read the section about the AskApache Password Protect plugin.