On my small website, the greatest GPU usage is actually on the WordPress login page, not the home page. I've essentially come to the conclusion that it's being hit with a brute force attack, or something similar.

I've installed a WordPress plugin that prevents password attacks from bots, but it does not stop the bots from actually visiting the page in the first place.

I want to change the location of the login page to something like wordpress-login-here.php, or perhaps there's a better solution. The Stealth plugin seems like it would have the desired effect, but it's not suitable for recent versions of WordPress. Any ideas?

EDIT: The actual fix for my problem was to do a clean install of WordPress, this time in a version that was supported by the Stealth plugin. After setting up WordPress and the Stealth plugin on this earlier version of WordPress, I took the .htaccess file the plugin produced and copied it over (with a couple of modifications) to the production site. The reason I accepted the answer I did was because Bad Behavior ended up being a good plugin, and the other advice was helpful.

As a suggestion, if you are on a static IP you could use a .htaccess .passwd file to limit access to the admin directory to a known list of IP addresses. Although this will not prevent the access attempts, it will at least lower the resource usage.

How would I go about adding a password to a single file?

Add this to WP's current .htaccess:

<FilesMatch "wp-config.php">
    AuthName "WordPress Admin"
    AuthType Basic
    AuthUserFile /path/to/.htpasswd
    require valid-user
</FilesMatch>

Create a .htaccess rule for the wp-admin directory and restrict it either to a set list of IPs or to a user/pass combo. You don't want to start hacking WordPress if you can help it, because the next upgrade will just undo your changes, and setting it at the Apache .htaccess level is much more effective than attempting to patch WordPress.

What's wrong with just limiting the number of login attempts by IP? http://wordpress.org/extend/plugins/limit-login-attempts/

Bad Behavior can block some known malicious IP addresses. It works together with Project Honey Pot and keeps bad IPs from ever even loading your web page...

Also, there's a way to hide your login page using .htaccess.
Lock out everybody trying to log in more than a couple of times, as already stated by Jimmy.

And besides that, you should probably enforce the following practices:

  • avoid using the admin account (create another account with admin rights but with a username other than admin, and then remove the default admin account)
  • force using SSL
  • use strong passwords
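
An added example, not part of any post in this thread: one way to check from the Apache access log whether wp-login.php is being brute-forced, and to see which client IPs a per-IP attempt limit like the one suggested above would lock out. The log lines are constructed, the combined log format and the threshold of 3 are assumptions, and a 200 response to a login POST is treated as a failed attempt.

```python
import re
from collections import Counter

# Apache combined log format: client IP, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = [
    f'203.0.113.7 - - [10/Mar/2024:10:00:{s:02d} +0000] '
    '"POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"'
    for s in range(5)
] + [
    '198.51.100.20 - - [10/Mar/2024:10:01:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "-"',
    '198.51.100.20 - - [10/Mar/2024:10:01:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"',
    '192.0.2.44 - - [10/Mar/2024:10:02:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2990 "-" "-"',
    'truncated line that does not parse',
]


def failed_logins_per_ip(lines):
    """Count failed login POSTs to wp-login.php per client IP.

    Assumption: a 200 response to the POST is a failed attempt (the form is
    shown again); a successful login normally answers with a 302 redirect.
    """
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # skip malformed lines instead of aborting the scan
        path = m.group("path").split("?", 1)[0]  # ignore any query string
        if (m.group("method") == "POST" and path.endswith("/wp-login.php")
                and m.group("status") == "200"):
            counts[m.group("ip")] += 1
    return counts


def over_limit(counts, max_attempts=3):
    """IPs a per-IP lockout after max_attempts failures would block."""
    return [(ip, n) for ip, n in counts.most_common() if n > max_attempts]


if __name__ == "__main__":
    for ip, n in over_limit(failed_logins_per_ip(SAMPLE_LOG)):
        print(f"{ip}\t{n} failed login POSTs")
```

Page views of the login form (GET requests) are not counted, so an address that only loads the page without submitting credentials does not appear in the result.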