
Prevent WordPress Brute Force Attacks

Comments

8 comments

  • cPanelPeter cPanel Staff
    Hello. A simple Google search will show lots of different links to information on guarding against these attacks:
    Brute Force Attacks, WordPress Codex: http://codex.wordpress.org/Brute_Force_Attacks
    WordPress Plugins tagged "brute force": http://wordpress.org/plugins/tags/brute-force
    BruteProtect, WordPress Plugins: http://wordpress.org/plugins/bruteprotect/
    Protecting Against WordPress Brute-Force Attacks, Sucuri Blog: http://blog.sucuri.net/2013/04/protecting-against-wordpress-brute-force-attacks.html
    WordPress Login protection from brute force attacks, WP How: http://wphow.org/wordpress-login-protection-from-brute-force-attacks/
    0
  • rackaid
    If you mean brute force attacks against usernames, one of the easiest methods is to use HTTP Auth on the login and /admin areas. This is good if you have just a few authors/users. We've seen many problems prevented by blocking this type of attack. Also, limiting direct access to include areas helps as well.
    Brute Force Attacks, WordPress Codex: http://codex.wordpress.org/Brute_Force_Attacks
    0
  • romanepo
    Attackers attack all WordPress sites. I want a central solution; an .htaccess script can only be a solution for a single WordPress site. Do you know of any mod_security rules or anything else that prevents brute force attacks against all WordPress sites?
    0
  • ChrisFirth
    I use this rule with mod_sec:

        # Scoped to the login page (scope added here); without it every 200 response
        # on the whole site is counted as a "login attempt"
        <LocationMatch "/wp-login.php">
            # Initialise the persistent per-IP collections
            SecAction "phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR},initcol:user=%{REMOTE_ADDR},id:4900000"
            # Deny while the block flag is set (expires after 300 s, see below)
            SecRule user:bf_block "@gt 0" "deny,status:401,log,severity:'2',id:4900001,msg:'Wordpress Brute Force: IP blocked for 5 minutes, more than 15 login attempts in 3 minutes'"
            # A successful login redirects (302): reset the failure counter
            SecRule RESPONSE_STATUS "^302" "phase:5,t:none,nolog,pass,setvar:ip.bf_counter=0,id:5000136"
            # A failed login re-renders the form (200): count it, decaying 1 unit per 180 s
            SecRule RESPONSE_STATUS "^200" "phase:5,chain,t:none,nolog,pass,setvar:ip.bf_counter=+1,deprecatevar:ip.bf_counter=1/180,id:5000137"
            # More than 15 in the window: set a 5 minute block and reset the counter
            SecRule ip:bf_counter "@gt 15" "t:none,setvar:user.bf_block=1,expirevar:user.bf_block=300,setvar:ip.bf_counter=0"
        </LocationMatch>
    0
  • quizknows
    That rule is very effective. It can actually be condensed to one collection (initcol) instead of two, which is slightly more efficient resource-wise:

        # Scoped to the login page (scope added here); without it every 200 response
        # on the whole site is counted as a "login attempt"
        <LocationMatch "/wp-login.php">
            # One persistent collection keyed by client IP
            SecAction "phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR},id:5000134"
            # Deny while the block flag is set (expires after 300 s, see below)
            SecRule ip:bf_block "@gt 0" "deny,status:401,log,id:5000135,msg:'ip address blocked for 5 minutes, more than 10 login attempts in 3 minutes.'"
            # A successful login redirects (302): reset the failure counter
            SecRule RESPONSE_STATUS "^302" "phase:5,t:none,nolog,pass,setvar:ip.bf_counter=0,id:5000136"
            # A failed login re-renders the form (200): count it, decaying 1 unit per 180 s
            SecRule RESPONSE_STATUS "^200" "phase:5,chain,t:none,nolog,pass,setvar:ip.bf_counter=+1,deprecatevar:ip.bf_counter=1/180,id:5000137"
            # More than 10 in the window: set a 5 minute block and reset the counter
            SecRule ip:bf_counter "@gt 10" "t:none,setvar:ip.bf_block=1,expirevar:ip.bf_block=300,setvar:ip.bf_counter=0"
        </LocationMatch>
    0
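To see how the counter, the decay and the block expiry in the two rule sets above interact, here is an added Python model (it is not code from this thread, nor from ModSecurity itself) that replays a constructed sequence of wp-login.php responses through the same logic: a 302 resets the counter, a 200 increments it, `deprecatevar` subtracts one unit per 180 s since the counter was last updated, and the block flag lapses after 300 s. The IP addresses and timestamps are made up, the `LoginGuard` and `run_log` names are this example's own, and the decay is a simplification of ModSecurity's, which keys it off the collection's LAST_UPDATE_TIME.

```python
"""Replay model of the ModSecurity wp-login.php brute-force rules (added example, not from the thread)."""
from dataclasses import dataclass, field


@dataclass
class IpState:
    """Per-client state: mirrors ip.bf_counter and ip.bf_block in the rules."""
    counter: int = 0           # ip.bf_counter
    last_update: float = 0.0   # when the counter was last touched (for deprecatevar)
    block_until: float = 0.0   # absolute time at which ip.bf_block expires (expirevar)


@dataclass
class LoginGuard:
    """Defaults match quizknows' condensed rules; pass threshold=15 for ChrisFirth's."""
    threshold: int = 10           # SecRule ip:bf_counter "@gt 10"
    decay_units: int = 1          # deprecatevar:ip.bf_counter=1/180
    decay_period: float = 180.0
    block_seconds: float = 300.0  # expirevar:ip.bf_block=300
    states: dict = field(default_factory=dict)

    def _decay(self, st: IpState, now: float) -> None:
        # deprecatevar: subtract decay_units for every full decay_period that has
        # elapsed since the counter was last updated, never going below zero.
        steps = int((now - st.last_update) // self.decay_period)
        if st.counter and steps > 0:
            st.counter = max(0, st.counter - steps * self.decay_units)

    def request(self, ip: str, now: float, backend_status: int) -> int:
        """Return the status the client sees for one request to wp-login.php.

        backend_status is what WordPress itself answered: 302 (redirect) on a
        successful login, 200 (form rendered again) on a failed one.
        """
        st = self.states.setdefault(ip, IpState())
        # Phase 2: while ip.bf_block is set and not yet expired, deny with 401.
        if now < st.block_until:
            return 401
        # Phase 5: account for the response WordPress produced.
        if backend_status == 302:
            st.counter = 0                                 # setvar:ip.bf_counter=0
        elif backend_status == 200:
            self._decay(st, now)                           # deprecatevar
            st.counter += 1                                # setvar:ip.bf_counter=+1
            st.last_update = now
            if st.counter > self.threshold:                # chained "@gt threshold"
                st.block_until = now + self.block_seconds  # setvar + expirevar
                st.counter = 0
        return backend_status


def run_log(lines, guard=None):
    """Replay constructed lines of the form "<epoch> <client-ip> <wp-login.php status>"
    and return [(ip, status_seen_by_client), ...]. State is per IP, so lines only
    need to be in time order within each client."""
    guard = guard or LoginGuard()
    out = []
    for line in lines:
        ts, ip, status = line.split()
        out.append((ip, guard.request(ip, float(ts), int(status))))
    return out


# Constructed sample, not real traffic: 198.51.100.7 fails 12 times in 12 s,
# 203.0.113.5 fumbles twice and then logs in, 192.0.2.9 spreads 12 failures out.
SAMPLE_LOG = (
    [f"{1700000000 + t} 198.51.100.7 200" for t in range(12)]
    + ["1700000000 203.0.113.5 200", "1700000005 203.0.113.5 200", "1700000020 203.0.113.5 302"]
    + [f"{1700000000 + t} 192.0.2.9 200" for t in range(6)]
    + [f"{1700001000 + t} 192.0.2.9 200" for t in range(6)]
)

if __name__ == "__main__":
    for ip, status in run_log(SAMPLE_LOG):
        print(ip, status)
```

Replaying the sample, the fast attacker gets eleven 200s and then 401 until the 300 s block lapses, the user who eventually logs in has the counter cleared by the 302, and the slow attacker's twelve failures never trip the threshold because the first burst has decayed by the time the second arrives. Note also that the rules count every 200 from wp-login.php, including the GET that renders the form, so a browser-driven failed attempt costs two counts.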
  • Ryu27
    I have used BruteProtect and it has worked very well for me. :)
    0
  • HSN-Saman
    Install mod_security as a WAF and get the COMODO rules for it, and also password-protect wp-admin. Try to keep WordPress updated for the latest security vulnerabilities.
    0
  • rhenderson
    We have installed a plugin called Login Security Solutions as well to help, even with the mod_security rule above, but in the end your best defense is the .htaccess file in the wp-admin folder. Now if we could just get all the website owners on board.

        # wp-admin/.htaccess (Apache 2.2 access-control syntax; on 2.4 it needs mod_access_compat)
        # Applies to everything under wp-admin/, including admin-ajax.php, which
        # front-end plugins may call for anonymous visitors
        #AuthName "Admins Only"
        # ALLOW USER BY IP
        Order deny,allow
        Deny from all
        Allow from 1.2.3.4
        Allow from 5.6.7.8
        # PREVENT VIEWING OF .HTACCESS
        <Files .htaccess>
            Order allow,deny
            Deny from all
        </Files>

    Of course change the above IPs to your own :-) You can use 1.2.3.4/19 or whatever is appropriate for your IP blocks; with so many people having IPs, even if we allow the entire ISP block for a provider it is better than letting the whole world have access to wp-admin.
    0
