Most tutorials for protecting wp-login.php for WordPress block users who are actually trying to make login attempts which makes logical sense. The problem with this method is that these brute force protection methods are still expensive for your web server. When a user tries to log in, PHP processing occurs and MySQL queries are made … Continue reading Protect WordPress wp-login with Apache HTTP Auth + fail2ban