Prevent WordPress Brute Force Attacks
How do I secure WordPress against brute force attacks?
/usr/bin/php /home/.............../public_html/index.php
I installed mod_security but use the default rules; it is not working properly.
How can I secure against this type of attack?
Hello, a simple Google search will show lots of different links to information on guarding against these attacks:
    Brute Force Attacks (WordPress Codex): http://codex.wordpress.org/Brute_Force_Attacks
    WordPress Plugins tagged "brute force": http://wordpress.org/plugins/tags/brute-force
    BruteProtect (WordPress Plugins): http://wordpress.org/plugins/bruteprotect/
    Protecting Against WordPress Brute-Force Attacks (Sucuri Blog): http://blog.sucuri.net/2013/04/protecting-against-wordpress-brute-force-attacks.html
    WordPress Login protection from brute force attacks (WP How): http://wphow.org/wordpress-login-protection-from-brute-force-attacks/
If you mean brute force attacks against usernames, one of the easiest methods is to use HTTP Auth on the login and /admin areas. This is good if you have just a few authors/users. We've seen many problems prevented by blocking this type of attack. Also, limiting direct access to include areas helps as well.
    Brute Force Attacks (WordPress Codex): http://codex.wordpress.org/Brute_Force_Attacks
Attackers attack all WordPress sites. I want a central solution; a .htaccess script can only be a single WordPress site solution. Do you know any mod_security rules or anything that prevents brute force attacks for all WordPress sites?
I use this rule with mod_sec:

    # Per-client collections; ModSecurity 2 does not apply phase 1 rules inside <Location> containers, so this stays at top level
    SecAction "phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR},initcol:user=%{REMOTE_ADDR},id:4900000"
    # Scope restored here: unscoped, every 200 response from the site would count as a failed login
    <LocationMatch "/wp-login.php">
        SecRule user:bf_block "@gt 0" "deny,status:401,log,severity:'2',id:4900001,msg:'Wordpress Brute Force: IP blocked for 5 minutes, more than 15 login attempts in 3 minutes'"
        # 302 after the login POST = success, reset the counter; 200 = form redisplayed, count it (decays by 1 every 180 s)
        SecRule RESPONSE_STATUS "^302" "phase:5,t:none,nolog,pass,setvar:ip.bf_counter=0,id:5000136"
        SecRule RESPONSE_STATUS "^200" "phase:5,chain,t:none,nolog,pass,setvar:ip.bf_counter=+1,deprecatevar:ip.bf_counter=1/180,id:5000137"
            SecRule ip:bf_counter "@gt 15" "t:none,setvar:user.bf_block=1,expirevar:user.bf_block=300,setvar:ip.bf_counter=0"
    </LocationMatch>

That rule is very effective. It can actually be condensed to one collection (initcol) instead of two, which is slightly more efficient resource-wise:

    # One collection keyed on the client address (phase 1, so it must stay outside <Location> containers)
    SecAction "phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR},id:5000134"
    # Only the login script is counted; the container was missing from the post as scraped
    <LocationMatch "/wp-login.php">
        # Deny (phase 2 by default) while the block flag set below is still live
        SecRule ip:bf_block "@gt 0" "deny,status:401,log,id:5000135,msg:'ip address blocked for 5 minutes, more than 10 login attempts in 3 minutes.'"
        SecRule RESPONSE_STATUS "^302" "phase:5,t:none,nolog,pass,setvar:ip.bf_counter=0,id:5000136"
        SecRule RESPONSE_STATUS "^200" "phase:5,chain,t:none,nolog,pass,setvar:ip.bf_counter=+1,deprecatevar:ip.bf_counter=1/180,id:5000137"
            # Past the threshold: set the flag for 300 s and start counting again from zero
            SecRule ip:bf_counter "@gt 10" "t:none,setvar:ip.bf_block=1,expirevar:ip.bf_block=300,setvar:ip.bf_counter=0"
    </LocationMatch>

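To see how the counter, decay and expiry in these rules behave before putting them in front of a live site, here is an added Python replay of the same logic over Apache access-log lines. This is example code written for this page, not code from either post: the log lines and client addresses are constructed, the wp-login.php scoping is assumed, and deprecatevar is approximated as one decrement per elapsed 180 s period. It covers both thresholds given above (10 and 15).

```python
"""Replay the ModSecurity brute-force counter logic over Apache access-log
lines (added example; the log lines below are constructed, not real traffic)."""
import re
from datetime import datetime, timedelta, timezone

THRESHOLD = 10       # ip:bf_counter "@gt 10"  (the earlier post used 15)
DECAY_PERIOD = 180   # deprecatevar:ip.bf_counter=1/180 : minus 1 every 180 s
BLOCK_SECONDS = 300  # expirevar:ip.bf_block=300

# Combined log format: ip ident user [ts] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Return (ip, epoch_seconds, path_without_query, status) or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
    return m["ip"], ts, m["path"].split("?", 1)[0], int(m["status"])


class ClientState:
    """What the ip collection holds for one REMOTE_ADDR."""
    def __init__(self):
        self.counter = 0          # ip.bf_counter
        self.last_seen = None     # used to approximate deprecatevar
        self.blocked_until = 0.0  # ip.bf_block together with its expirevar


def replay(lines, threshold=THRESHOLD):
    """Return (decisions, final_counters): one (ip, 'allow'|'deny') per
    wp-login.php request in time order; 'deny' is where the 401 rule fires."""
    events = sorted(filter(None, map(parse_line, lines)), key=lambda e: e[1])
    states, decisions = {}, []
    for ip, ts, path, status in events:
        if not path.endswith("/wp-login.php"):
            continue  # the <LocationMatch> scope: other URLs never touch the counter
        st = states.setdefault(ip, ClientState())
        if ts < st.blocked_until:
            decisions.append((ip, "deny"))  # phase-2 deny: nothing is counted
            continue
        if st.last_seen is not None:       # deprecatevar: one unit per elapsed period
            st.counter = max(0, st.counter - int((ts - st.last_seen) // DECAY_PERIOD))
        st.last_seen = ts
        decisions.append((ip, "allow"))
        if status == 302:                  # redirect after the login POST = success
            st.counter = 0
        elif status == 200:                # login form redisplayed = failed attempt
            st.counter += 1
            if st.counter > threshold:
                st.blocked_until = ts + BLOCK_SECONDS
                st.counter = 0
    return decisions, {ip: st.counter for ip, st in states.items()}


def _line(ip, when, method, path, status):
    """Build one constructed combined-log-format line."""
    stamp = when.strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{stamp}] "{method} {path} HTTP/1.1" {status} 512 "-" "curl/7.0"'


T0 = datetime(2013, 10, 1, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_LOG = (
    # a normal page view from the attacker's address: must not count
    [_line("203.0.113.5", T0 + timedelta(seconds=5), "GET", "/index.php", 200)]
    # 12 failed logins, one every 10 s
    + [_line("203.0.113.5", T0 + timedelta(seconds=10 * i), "POST", "/wp-login.php", 200)
       for i in range(12)]
    # one more after the 5-minute block has expired
    + [_line("203.0.113.5", T0 + timedelta(seconds=420), "POST", "/wp-login.php", 200)]
    # a real user: two typos, then a successful login (302)
    + [_line("198.51.100.7", T0 + timedelta(seconds=s), "POST", "/wp-login.php", st)
       for s, st in ((1, 200), (2, 200), (3, 302))]
)

if __name__ == "__main__":
    decisions, counters = replay(SAMPLE_LOG)
    for ip, verdict in decisions:
        print(ip, verdict)
    print(counters)
```

With the threshold of 10 the eleventh failure sets the block and the twelfth request is the one that would get the 401; with the threshold of 15 the same twelve failures never trigger a block, which is the practical difference between the two rule sets above.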
I have used BruteProtect and it has worked very well for me. :)
Install mod_security as a WAF and get the COMODO rules on it, and also password protect wp-admin. Try to keep WordPress updated for the latest security vulnerabilities.
We have installed a plugin called Login Security Solutions as well to help, and even with the mod_security rule above, in the end your best defense is the .htaccess file in the wp-admin folder. Now if we could just get all the website owners on board.

    #AuthName "Admins Only"
    # ALLOW USER BY IP  (Apache 2.2 syntax; on 2.4 this needs mod_access_compat, or use Require ip)
    order deny,allow
    deny from all
    allow from 1.2.3.4
    allow from 5.6.7.8
    # PREVENT VIEWING OF .HTACCESS
    # (the <Files> container was lost from the post; without it the deny below applies to the whole folder and locks everyone out)
    <Files .htaccess>
        order allow,deny
        deny from all
    </Files>

Of course change the above IPs to your own :-) You can use 1.2.3.4/19 or whatever is appropriate for your IP blocks; with so many people with IPs, even if we allow the entire ISP block for a provider it is better than letting the whole world have access to wp-admin.
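Because Order/Allow/Deny are easy to get backwards, here is an added Python evaluator for those directives that checks the wp-admin .htaccess above offline, including the /19 ISP-block variant, and shows what happens when the .htaccess deny is not kept inside its own Files container. This is example code written for this page, not the poster's; it assumes only "all", full addresses and CIDR blocks (Apache also accepts partial addresses and host names) and assumes that a matching Files section replaces the directory-level directives rather than merging with them.

```python
"""Evaluate Apache 2.2-style Order / Allow from / Deny from rules for one
client address (added example; sample .htaccess texts below are constructed)."""
import fnmatch
import ipaddress


def parse_htaccess(text):
    """Return a list of (files_pattern_or_None, [(key, value), ...]) sections."""
    sections = [(None, [])]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        low = line.lower()
        if low.startswith("<files "):
            sections.append((line[len("<files "):].rstrip(">").strip().strip('"'), []))
        elif low == "</files>":
            sections.append((None, []))
        else:
            parts = line.split(None, 2)
            key = parts[0].lower()
            if key == "order" and len(parts) >= 2:
                sections[-1][1].append(("order", parts[1].lower()))
            elif key in ("allow", "deny") and len(parts) == 3 and parts[1].lower() == "from":
                sections[-1][1].append((key, parts[2]))
    return sections


def _matches(arg, client):
    """'all', a single address, or a CIDR block (1.2.3.4/19 is read as 1.2.0.0/19)."""
    if arg.lower() == "all":
        return True
    return client in ipaddress.ip_network(arg, strict=False)


def evaluate(directives, client_ip):
    """Order Deny,Allow: Deny first, any Allow overrides, default allow.
    Order Allow,Deny: must match an Allow, any Deny overrides, default deny.
    Line position does not matter; the last Order directive in the set wins."""
    client = ipaddress.ip_address(client_ip)
    order = "deny,allow"  # Apache's default
    for key, value in directives:
        if key == "order":
            order = value
    allowed = any(_matches(v, client) for k, v in directives if k == "allow")
    denied = any(_matches(v, client) for k, v in directives if k == "deny")
    if order == "deny,allow":
        return allowed or not denied
    if order in ("allow,deny", "mutual-failure"):
        return allowed and not denied
    raise ValueError(f"unknown Order: {order}")


def decide(htaccess_text, client_ip, filename="index.php"):
    """True if client_ip may fetch `filename` from the directory holding this .htaccess.
    Assumption: a matching <Files> section replaces the directory-level set."""
    sections = parse_htaccess(htaccess_text)
    dir_level = [d for scope, ds in sections if scope is None for d in ds]
    matching = [ds for scope, ds in sections
                if scope is not None and fnmatch.fnmatchcase(filename, scope)]
    return evaluate(matching[-1] if matching else dir_level, client_ip)


# The post's wp-admin/.htaccess with the <Files> container in place (constructed).
WP_ADMIN_HTACCESS = """\
# ALLOW USER BY IP
order deny,allow
deny from all
allow from 1.2.3.4
allow from 5.6.7.8
# PREVENT VIEWING OF .HTACCESS
<Files .htaccess>
order allow,deny
deny from all
</Files>
"""

# The same lines with the <Files> tags stripped, as the post was scraped.
FLATTENED = "\n".join(l for l in WP_ADMIN_HTACCESS.splitlines()
                      if not l.lower().startswith(("<files", "</files")))

# The /19 variant the post suggests for allowing a whole ISP block.
ISP_BLOCK = "order deny,allow\ndeny from all\nallow from 1.2.3.4/19\n"

if __name__ == "__main__":
    print(decide(WP_ADMIN_HTACCESS, "1.2.3.4"))               # True
    print(decide(WP_ADMIN_HTACCESS, "9.9.9.9"))               # False
    print(decide(WP_ADMIN_HTACCESS, "1.2.3.4", ".htaccess"))  # False
    print(decide(FLATTENED, "1.2.3.4"))                       # False: everyone locked out
```

The flattened variant is the one to notice: with both deny blocks in the same scope, the later "order allow,deny" plus "deny from all" wins and even the allowed addresses lose access to wp-admin, so a check like this (or a quick request from an allowed address) is worth running after every edit to that file.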