Skip to content

How to Stop Brute Force in WordPress by Blocking Author Scans?

How to Stop Brute Force in WordPress by Blocking Author Scans

How to Stop Brute Force in WordPress by Blocking Author Scans?

Millions of websites worldwide are powered by WordPress, a well-liked content management system (CMS).


However, because of its popularity, it has become a top target for hackers and malicious bots looking to access it without authorization. Such assaults frequently employ the brute force method, in which attackers repeatedly try various username and password combinations until they discover the right credentials. In this blog article, we’ll look at a useful technique for disabling author scans in WordPress to thwart brute force assaults.



Understanding Brute Force Attacks

It’s essential to comprehend how brute force assaults operate before we go on to the answer. An automated program is used by hackers to produce a huge number of login attempts using various username and password combinations in a brute force attack. They take advantage of the fact that plenty of WordPress websites use flimsy or simple-to-guess login information. Once they discover the right combination, they can enter the website without authorization and perhaps do serious harm.


The Role of Author Scans

Author scans are often employed by hackers to gather information about potential usernames on a WordPress site. By scanning the author archives, which typically have URLs in the format of “,” hackers can easily obtain a list of valid usernames present on the website. Armed with this information, they can launch more targeted and efficient brute force attacks.


Preventing Brute Force Attacks by Blocking Author Scans

To stop brute force attacks in WordPress and thwart author scans, follow these steps:


Step 1: Install and Activate a Security Plugin

On your WordPress website, start by installing a reliable security plugin. Strong features are provided by plugins like Wordfence, iThemes Security, and Sucuri Security to improve the security of your website. Pick a plugin with author scan blocking functionality and brute force defense.


Step 2: Enable Brute Force Protection

After installing the security plugin, go its settings and turn on the brute force protection option. This feature often offers options to restrict login attempts, require strong passwords, and add extra security layers to the login process. Set the parameters as you see fit, but make sure the number of unsuccessful login attempts is kept to a minimum to deter brute-force assaults.


Step 3: Block Author Scans

To block author scans, you need to modify your website’s .htaccess file. This file controls server configuration and access rules. Access your website’s root directory using an FTP client or the file manager in your hosting control panel. Look for the .htaccess file and open it in a text editor.

Add the following lines of code to the .htaccess file:

# Block author scans
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} ^/author/ [NC]
RewriteRule ^.*$ - [F,L]

Save the changes and upload the modified .htaccess file back to your server. This code snippet instructs the server to deny access to any URL that contains “/author/”. Consequently, hackers attempting to scan for authors will be met with a “403 Forbidden” error.


Step 4: Test and Monitor

After implementing the changes, it’s crucial to test the effectiveness of the solution and monitor your website’s security. Attempt to access an author archive URL (e.g., “”) to ensure that it is indeed blocked. Additionally, regularly review your security plugin’s logs and reports to identify any suspicious activities or login attempts.




Brute force attacks pose a significant threat to WordPress websites, but
by implementing the steps outlined above, you can effectively block author scans and strengthen your site’s security against brute force attacks. Remember, installing a reliable security plugin, enabling brute force protection, and blocking author scans through the .htaccess file are essential measures to safeguard your WordPress website.

It’s crucial to follow additional security best practices in addition to these actions, such as creating secure passwords, updating your WordPress core, themes, and plugins, and routinely backing up your website’s data. You may considerably lower the chance of brute force assaults by adopting a proactive security strategy and putting preventive measures in place, which will also safeguard your priceless WordPress site from unauthorized access and potential harm.

Keep in mind that keeping a safe website is a continuous effort, therefore it’s crucial to be on guard and knowledgeable about the most recent security procedures and vulnerabilities. Review and update your security procedures frequently to guarantee that your WordPress site is protected in the always changing digital environment.

You may lessen the risk of brute force attacks and improve the general security of your WordPress website by adhering to these recommendations and implementing the essential safety measures. Stay vigilant and safeguard yourself! If you want to create WordPress Website / WordPress Services / Support you can check our services.

Hire Us

Recommended Posts

1 Comment

  1. Simply desire to say your article is as surprising The clearness in your post is simply excellent and i could assume you are an expert on this subject Fine with your permission let me to grab your feed to keep up to date with forthcoming post Thanks a million and please carry on the gratifying work

Add a Comment

Your email address will not be published. Required fields are marked *

Shopping cart