Defeat wp-login.php Brute Force Attack By Whitelist IP in .htaccess

To deal with WordPress login (wp-login.php) brute force attacks, I previously recommended changing the username & password, as mentioned in the WordPress Brute Force Attack – Change Username/Login ID post.

Cloudflare users may block the login page for visitors from every country except their own, as mentioned in Defeat wp-login.php Brute Force Attack Using Cloudflare & .htaccess. However, this method has some limitations: you must use Cloudflare services, and it only helps when not many attacks originate from your country.

Another method is to whitelist your IP address. If your IP address is dynamic, you may want to find out your IP ranges.

After that, add the code below to your “.htaccess” file and replace each “allow from XXX.XXX.XXX.XXX/XX” line with your IP ranges.

# Deny everyone, then allow only the ranges listed below
<FilesMatch "wp-login.php">
 order deny,allow
 deny from all
 allow from XXX.XXX.XXX.XXX/XX
 allow from YYY.YYY.YYY.YYY/YY
 allow from ZZZ.ZZZ.ZZZ.ZZZ/ZZ
</FilesMatch>
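
An added example, not part of the original post: a small Python helper that validates and merges your CIDR ranges, renders the block above (or the Apache 2.4 "Require ip" form), and lets you confirm that your own address passes before you upload the file. The function names, the minimum prefix lengths and the sample ranges are assumptions made for illustration; it also assumes Apache sees the visitor's real address, which behind a proxy such as Cloudflare means restoring the client IP first.

```python
import ipaddress

# Assumption (not from the post): anything broader than these prefixes is
# treated as a mistake for a personal login allowlist.
MIN_PREFIX = {4: 16, 6: 32}

def normalise(ranges):
    """Parse CIDR strings, reject over-broad ones, merge overlapping ranges."""
    by_version = {4: [], 6: []}
    for text in ranges:
        # strict=False masks stray host bits; typos still raise ValueError
        net = ipaddress.ip_network(text.strip(), strict=False)
        if net.prefixlen < MIN_PREFIX[net.version]:
            raise ValueError(f"{net} is too broad for a login allowlist")
        by_version[net.version].append(net)
    # collapse_addresses cannot mix IPv4 and IPv6, so merge each family alone
    return [n for v in (4, 6) for n in ipaddress.collapse_addresses(by_version[v])]

def is_allowed(client_ip, nets):
    """True if client_ip would pass the generated allowlist."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip.version == n.version and ip in n for n in nets)

def render(nets, apache24=False):
    """Emit the FilesMatch block: the post's 2.2 syntax or 2.4 'Require ip'."""
    lines = ['<FilesMatch "wp-login.php">']
    if apache24:
        lines += [f" Require ip {n}" for n in nets]
    else:
        lines += [" order deny,allow", " deny from all"]
        lines += [f" allow from {n}" for n in nets]
    lines.append("</FilesMatch>")
    return "\n".join(lines)

# Constructed sample ranges (RFC 5737 documentation addresses)
SAMPLE_RANGES = ["203.0.113.0/25", "203.0.113.128/25", "198.51.100.17/28"]

if __name__ == "__main__":
    nets = normalise(SAMPLE_RANGES)
    print(render(nets))
    # Check your current address before uploading, to avoid locking yourself out
    print("203.0.113.200 allowed:", is_allowed("203.0.113.200", nets))
```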

Migrate WordPress to HTTPS with Cloudflare Flexible SSL

Google announced that HTTPS is a ranking signal and will affect search results. This is a good opportunity to migrate to the HTTPS protocol. Furthermore, Cloudflare offers FREE SSL for all websites that use its services, even on a FREE account.

To take this opportunity, I migrated this WordPress blog to the HTTPS protocol by utilizing Flexible SSL. With Flexible SSL I don’t have to spend any extra money to buy SSL certificates or even install any self-signed SSL certificate on my hosting account.

Migrating to HTTPS by using Cloudflare Flexible SSL is very easy & can be done by following the steps below.

1. Log in to your Cloudflare account, select your domain and select Crypto. In SSL, make sure that you have an active certificate and select Flexible SSL.

2. Configure WordPress for SSL/HTTPS. In the WordPress dashboard, browse to Settings -> General.

3. Change the following from

WordPress Address (URL)
Site Address (URL)

to

WordPress Address (URL)
Site Address (URL)

4. Set up a 301 permanent redirect from HTTP to HTTPS. It is best to do this via Cloudflare Page Rules. To do this, in Cloudflare select your domain and select Page Rules.

5. In “Add new rule”, turn “ON” forwarding.

6. In “Forwarding type”, select “Permanent – 301”.

7. In the “URL Pattern” field, key in “*”. Make sure “*” is there.

8. In “Destination URL” field key in “$1

9. Browse to your website to make sure everything is good.

10. If you get an SSL error, use Google Chrome Developer Tools to identify which web resources are not loading through HTTPS & fix them.