Skip to main content
cPanel Technical Support has been heavily impacted by hurricane Beryl and our ability to respond to tickets has been hindered as a result. We appreciate your understanding and patience as we address these delays.

Denied brutforce wp-login.php

Comments

7 comments

  • 24x7server
    Hello, You will have to setup SecDataDir path in modsec2.conf file. Edit modsec2.conf and add: SecDataDir /tmp
    Also you can disable wp-login through httpd conf file of all domain Edit /usr/local/apache/conf/httpd.conf and add the following near the other lines: Order allow,deny Deny from all Satisfy All ErrorDocument 403 "Not acceptable"
    Restart Apache.
    0
  • bltst2
    I had pretty good success with Fail2Ban. Very easy implementation. I wrote a blog post on it here: [url=http://www.briantobin.org/2013/11/14/preventing-wordpress-brute-force-attacks-with-fail2ban]Preventing WordPress Brute Force Attacks with Fail2Ban
    0
  • cPanelMichael
    Hello :) WordPress has an official document on blocking brute force attacks that might interest you: [url=http://codex.wordpress.org/Brute_Force_Attacks]Brute Force Attacks " WordPress Codex Thank you.
    0
  • quizknows
    RUID2 breaks the hell out of modsecurity. This is because the running HTTPD procs have different users, and thus, the logs can't be properly owned for modsecurity/apache. If you need modsec (which honestly, everyone does, it's downright foolish to not use it), then I don't recommend using RUID2 unless you're comfortable with 777 logs and some other "workarounds." At this time it's much more compatible to use cloudlinux, suphp, cagefs, and a normal modsec implementation. The main issue I've seen is when one domain creates a log or dir for modsec tmp data, that domains user takes ownership of the file (because of how RUID2 works). This ends up making it so that other domains cannot properly log or store tmp data for modsecurity.
    0
  • rhenderson
    We are using the Mod Security rule as listed above, but most of the hackers are wise to this so the attacks are distributed through a range of IP's. One of the best plugins we have seen recently (and we recommend to our users) is called Login Security Solutions it is an interesting plugin that throttles the attacker to a crawl. On the sites we manage it has helped. We also created a script to run to check the amount of incorrect logins [QUOTE]#!/bin/bash grep -R "wp-login.php" /usr/local/apache/domlogs/* | grep "POST" | awk -F: '{ print $2 }' | awk '{print $1}' | sort | uniq -c | sort -n
    We were shocked that someone could slowly attack and not get firewall from the Mod Security rule (like the above) but continue to attack as slow as molasses, this was going on before we added the Login Security Solutions plugin. We ban the IP's that have over 10 attempts.
    0
  • ladis
    we are using plugins like Hide WP and it can hide login page, there is couple of free plugins like this as well.
    0
  • F-X
    I know that protection from the server as modsecurity can be better. But sometimes not all people have access to the server as an administrator. So the only solution I've found on different servers is to use these plugins: Wordfence Security and Easy Captcha (with reCaptcha).
    0

Please sign in to leave a comment.