IIS: How to Protect Your WordPress Site from Brute Force Attacks.

Article
1/17/2024

Brute-force attacks can slow down your Wordpress website, make it inaccessible and even crack your password to install malware on your website.
You can stop it using the following solution (in web.config):

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  </system.webServer>
    <!-- Existing Configuration Excluded -->
    <location path="wp-login.php" overrideMode="Allow">
        <system.webServer>
            <security>
                <authentication>
                    <anonymousAuthentication enabled="false" />
                    <windowsAuthentication enabled="true" />
                </authentication>
            </security>
        </system.webServer>
    </location>
</configuration>

Important: This solution assumes that you have following IIS components installed:

anonymousAuthentication
windowsAuthentication

Share via

IIS: How to Protect Your WordPress Site from Brute Force Attacks.

Additional resources