How to block brute-force attack on Wordpress - Printable Version +- Web Hosting Ask (https://www.webhostingask.com) +-- Forum: Web Hosting Main Forums (https://www.webhostingask.com/forumdisplay.php?fid=3) +--- Forum: Web Hosting Insider Tutorials (https://www.webhostingask.com/forumdisplay.php?fid=21) +--- Thread: How to block brute-force attack on Wordpress (/showthread.php?tid=33) |
How to block brute-force attack on Wordpress - StevenB - 06-28-2021 Hi, For those who have a server that running with CSF, this is how to block WordPress login attack. /usr/local/csf/bin/regex.custom.pm Code: if (($globlogs{CUSTOM4_LOG}{$lgfile}) and ($line =~ /(\S+).*] "POST \/wp-login\.php.*" 200/)) { /etc/csf/csf.conf Code: CUSTOM4_LOG = "/var/log/apache2/domlogs/*/*" You can check this using tail -f /var/log/lfd.log Cheers! RE: How to block brute-force attack on Wordpress - naba_dajani - 06-29-2021 Don't forget to put your country code under CC_ALLOW to avoid your country blocks. RE: How to block brute-force attack on Wordpress - robinzzz - 06-30-2021 (06-28-2021, 01:13 PM)StevenB Wrote: Hi, Working perfectly thanks, been having so many issues with WP lately. RE: How to block brute-force attack on Wordpress - jeffreedhmer - 07-03-2021 (06-28-2021, 01:13 PM)StevenB Wrote: Hi, 1. Use strong login credentials 2. Hide WordPress login page 3. Two-factor Authentication |