The best two options for this are:
- 1) Change the permissions of the mapped directory to 0
- 2) Map the domain to an empty directory
Option 1 is probably the easiest for getting the site back online later.
You can do this via the Account Control Center or via SSH. From the ACC:
- 1) Click on Files
- 2) Click on Web
- 3) Click on the current permissions next to fencingsportpsychology.com
drwx---r-x (705) - 4) Change the numbers in the Permission row to all 0's
- 5) Click on Change Permissions
Under attack, part 2:
WordPress is so widely used it is often targeted for exploit, which is why it is so vital to keep it updated.
Often, the best and most effective option is to limit which IPs are allowed to access the wp-login.php file via allow/deny lines in the .htaccess file. As long as your IP does not change often, this should work best. If you have a dynamic IP (one that changes) from your ISP, contact them and ask for a range of IPs you are likely to be assigned, then allow just those ranges access to the wp-login.php file. Lines like those listed below should work (using your current IP in the example)
<Files wp-login.php>
Order deny,allow
Deny from all
Allow from 71.182.199.246
</Files>
The plugin you mentioned can also be used.
This plugin moves the /wp-admin page.
https://wordpress.org/plugins/change-wp-admin-login/
As long as you select a unique new name to move the admin to, and do not link the login on the site
anywhere, moving the admin section should be relatively effective.
