Block 99.99% of hacking bot attacks on WordPress via htaccess

If your host keeps telling you that you’re using too many resources, it’s possible that you have a bot problem. Hackers create bots to break into WordPress websites via the login screen (also known as wp-admin). By just adding this code to your .htaccess to block 99.999% of no-referrer bots from your wp-admin.

Replace REPLACEWITHYOURURL with your own domain. No referrer bots are the ones that do a lot of brute force attacks on your WordPress site.

# block comment spam by denying access to no-referrer requests
RewriteEngine On
RewriteCond %{REQUEST_URI} wp-login\.php
RewriteCond %{HTTP_USER_AGENT} ^-?$
RewriteRule .* [R=301,L]
Our time: 6:45am UTC