Hi there,
I am wanting to add IP address block and allow to my website as I am experiencing brute force login attempts pretty rgularly now. Your plugin is doing an amazing job of keeping them out for now (login attempts block) but I fear eventually they will succeed. Having looked at the advice on the internet, it seems that adding IP address allow (for me only) and deny rest then this should be a good thing to do. Here is the advice on what to add to my admin .htaccess:
# Block access to wp-admin.
order deny,allow
allow from x.x.x.x
deny from all
If your theme or plugins use AJAX, you will most likely need to add an additional group of settings to your .htaccess so that functionality continues to work:
# Allow access to wp-admin/admin-ajax.php
<Files admin-ajax.php>
Order allow,deny
Allow from all
Satisfy any
</Files>
Having looked at the BPS generated .htaccess, it seems that there might be something already along those lines. Is this the case or should I add the above to the file?