How to Repair the Global Brute Force Attack on WordPress Self Hosted Sites?

This global brute force attack on self hosted WordPress sites has been going on for past few days. I am going to address different cases and attempted solutions here. Please bookmark this Q&A and check back for new case studies.


One site came to my notice today, where the users could not login because the login or admin page got redirected to a page that output “not acceptable“. I checked the .htaccess file and it seemed to have non-standard statements, which neither the developer nor the site-admin remember putting in. So, we removed the extra statements and retained only the default WordPress generated htaccess statements and the site was back to normal.

…to be cont’d…