How to Protect Your WordPress – WPSetup Attack
How to Protect WordPress
According to Wordfence, the WP Setup attack is gaining momentum. You can avoid falling victim, by following the How to Protect Your WordPress procedures below:
A Safe Way to Install a New WordPress
Before you begin your WordPress installation, make a .htaccess file in your web directory containing the following:
deny from all
allow from <ip-address>
Replace the ‘<ip-address >’ with your current IP address which you can find by visiting whatsmyip.org.
When the lines above are added to your .htaccess file only you can access your website during the installation and setup of WordPress. This will stop anyone getting in before you complete your installation and stops them from taking control of your hosting account by uploading malicious code.
Once you have completed your setup and protected your WordPress, you must remove the rule you added to your .htaccess and allow everyone to access your website.