MyBB Internal: One or more warnings occurred. Please contact your administrator for assistance.
MyBB Internal: One or more warnings occurred. Please contact your administrator for assistance.
MyBB Internal: One or more warnings occurred. Please contact your administrator for assistance.
MyBB Internal: One or more warnings occurred. Please contact your administrator for assistance.
MyBB Internal: One or more warnings occurred. Please contact your administrator for assistance.
MyBB Internal: One or more warnings occurred. Please contact your administrator for assistance.
MyBB Internal: One or more warnings occurred. Please contact your administrator for assistance.
MyBB Internal: One or more warnings occurred. Please contact your administrator for assistance.
MyBB Internal: One or more warnings occurred. Please contact your administrator for assistance.
MyBB Internal: One or more warnings occurred. Please contact your administrator for assistance.
MyBB Internal: One or more warnings occurred. Please contact your administrator for assistance.
MyBB Internal: One or more warnings occurred. Please contact your administrator for assistance.
MyBB Internal: One or more warnings occurred. Please contact your administrator for assistance.
MyBB Internal: One or more warnings occurred. Please contact your administrator for assistance.
MyBB Internal: One or more warnings occurred. Please contact your administrator for assistance.
MyBB Internal: One or more warnings occurred. Please contact your administrator for assistance.
MyBB Internal: One or more warnings occurred. Please contact your administrator for assistance.
How to block brute-force attack on Wordpress - Printable Version
|
How to block brute-force attack on Wordpress - Printable Version
+- Web Hosting Ask (https://www.webhostingask.com)
+-- Forum: Web Hosting Main Forums (https://www.webhostingask.com/forumdisplay.php?fid=3)
+--- Forum: Web Hosting Insider Tutorials
(https://www.webhostingask.com/forumdisplay.php?fid=21)
+--- Thread: How to block brute-force attack on Wordpress (/showthread.php?tid=33)
|
How to block brute-force attack on Wordpress - StevenB - 06-28-2021
Hi,
For those who have a server that running with CSF, this is how to block WordPress login attack.
/usr/local/csf/bin/regex.custom.pm
Code: if (($globlogs{CUSTOM4_LOG}{$lgfile}) and ($line =~ /(\S+).*] "POST \/wp-login\.php.*" 200/)) {
return ("Failed Wordpress login from",$1,"wordpress","5","80,443","3600");
}
You can replace 3600 with 1 if want to block IP permanently.
/etc/csf/csf.conf
Code: CUSTOM4_LOG = "/var/log/apache2/domlogs/*/*"
The load on the server will not high. Mine load only load average: 9.78, 10.68, 10.16.
You can check this using tail -f /var/log/lfd.log
Cheers!
RE: How to block brute-force attack on Wordpress - naba_dajani - 06-29-2021
Don't forget to put your country code under CC_ALLOW to avoid your country blocks.
RE: How to block brute-force attack on Wordpress - robinzzz - 06-30-2021
(06-28-2021, 01:13 PM)StevenB Wrote: Hi,
For those who have a server that running with CSF, this is how to block WordPress login attack.
/usr/local/csf/bin/regex.custom.pm
Code: if (($globlogs{CUSTOM4_LOG}{$lgfile}) and ($line =~ /(\S+).*] "POST \/wp-login\.php.*" 200/)) {
return ("Failed Wordpress login from",$1,"wordpress","5","80,443","3600");
}
You can replace 3600 with 1 if want to block IP permanently.
/etc/csf/csf.conf
Code: CUSTOM4_LOG = "/var/log/apache2/domlogs/*/*"
The load on the server will not high. Mine load only load average: 9.78, 10.68, 10.16.
You can check this using tail -f /var/log/lfd.log
Cheers!
Working perfectly thanks, been having so many issues with WP lately.
RE: How to block brute-force attack on Wordpress - jeffreedhmer - 07-03-2021
(06-28-2021, 01:13 PM)StevenB Wrote: Hi,
For those who have a server that running with CSF, this is how to block WordPress login attack.
/usr/local/csf/bin/regex.custom.pm
Code: if (($globlogs{CUSTOM4_LOG}{$lgfile}) and ($line =~ /(\S+).*] "POST \/wp-login\.php.*" 200/)) {
return ("Failed Wordpress login from",$1,"wordpress","5","80,443","3600");
}
You can replace 3600 with 1 if want to block IP permanently.
/etc/csf/csf.conf
Code: CUSTOM4_LOG = "/var/log/apache2/domlogs/*/*"
The load on the server will not high. Mine load only load average: 9.78, 10.68, 10.16.
You can check this using tail -f /var/log/lfd.log
Cheers!
1. Use strong login credentials
2. Hide WordPress login page
3. Two-factor Authentication
|