How do I block unknown bots to my sites?


Staff member
We are getting bruteforce attacked on our sites and I am afraid to ban the IP's as they may be rotating IP's or legitimate users at some point in there life span.

I would like to block all unknown bots from accessing my site. Specifically my /wp-login.php file.

I have spent hours trying to find the code to do this. I am open to suggestions of course. But is there anyway to ban the unknown bots but not ban google and such?

I have captcha setup on my login form and limiting login attempts to 3 fails then lockout for 36 hours then 2 more fails and lockout for 96 hours. This however is not slowing down the attacks and they seem to have an endless pool of IP's to choose from.

<strong>What I ended up doing on top of generally tightening WP security is locking access to wp-login.php and wp-admin folder.
Very easy and quick setup guide here <a href="" rel="nofollow"></a> for the wp-login.php file
Locking a folder can be done easily in any Cpanel or plesk.</strong>