This has been quite a long journey for myself. I've been dealing with Wordpress sites and the constant hammering of the wp-login.php. I'm quite clear about solutions using IP white listing via htaccess. I might be able to add the correct coding, but I simply don't know how this works.
From what I understand, when bots/people hammer the wp-login.php after I've blocked out all IPs except for my white listed ones, those bots will see a 403 Forbidden error page. Some bots leave or will most just continue to hammer away even when they get that 403 page?
So, am I correct that the bot can keep hammering away and will cause the server to display the error page? I'm just wondering if that's still going to cause server load issues or is this far less server intensive than what I have now, which is clear access to hammer the wp-login.php page. Is it going to be a substantial improvement? I just don't understand server loads and how the 2 scenarios compare.
I'm seeing about tidying up stats, but perhaps there is no clean way of dealing with people trying to gain access to wordpress installations. Once I've put in the htaccess IP block, will I just see an explosion in 403 pages in my stats and that's just a way of life?