What To Do If a Brute-Force Attack Hits Your WordPress Sites

Last Updated: February 7, 2015 | Reading Time: < 1 minute

One of my servers had a CPU outage last week because a script kept hitting wp-login.php with hundreds of requests per minute.

If you run tail -f access.log you will see the same request repeating over and over (client address removed; note the ancient "Mozilla/4.0" user agent, a typical giveaway of a bot):
- - [22/Aug/2014:09:31:14 +0000] "GET /wp-login.php HTTP/1.1" 200 3327 "-" "Mozilla/4.0"

Here are the steps I took to recover:

The first thing to do is to block all access to wp-login.php. Every hit on that file bootstraps WordPress and, for a POST, runs a password hash check, so a few hundred requests a minute are enough to saturate the CPU; a 403 served by Apache before PHP starts costs almost nothing. The quickest place to do this is the global Apache configuration. Add the lines below to the bottom of /etc/apache2/apache2.conf; the Files container limits the rule to that one filename in every site the server hosts, and the Order/Deny syntax is the Apache 2.2 form used on the Debian/Ubuntu releases of the time:

<Files "wp-login.php">
    Order allow,deny
    Deny from all
    Satisfy All
    ErrorDocument 403 "Not acceptable"
</Files>

Then restart Apache (running apache2ctl configtest first catches any typo before the restart takes the sites down):
/etc/init.d/apache2 restart

Now every request to wp-login.php is refused with a 403 before PHP runs, and tail -f error.log shows lines like:
[Fri Aug 22 09:51:14 2014] [error] [client xxx.xx.x.xxx] client denied by server configuration: /home/pupungbp/www/sitedomain.com/wp-login.php

The path at the end of that line tells you which site the bot is hammering. Next, set up a .htaccess rule to protect wp-login.php on that site; I wrote about this a few days ago.
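On a server with many vhosts, eyeballing tail output gets old quickly. The shell helper below is an added example, not code from the original post: it summarises which client addresses are hitting wp-login.php (from the access log) and which sites are absorbing the denied requests (from the error log), which is exactly the information you need before writing the per-site rule. The log lines inside it are constructed samples in the two formats quoted above; the addresses are RFC 5737 documentation ranges and the /home/user/www/site-*.example paths are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): triage wp-login.php pressure
# from Apache logs. Sample lines are constructed; IPs are RFC 5737
# documentation addresses and the site paths are placeholders.

SAMPLE_ACCESS_LOG='203.0.113.10 - - [22/Aug/2014:09:31:14 +0000] "GET /wp-login.php HTTP/1.1" 200 3327 "-" "Mozilla/4.0"
203.0.113.10 - - [22/Aug/2014:09:31:14 +0000] "POST /wp-login.php HTTP/1.1" 200 3327 "-" "Mozilla/4.0"
198.51.100.7 - - [22/Aug/2014:09:31:15 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [22/Aug/2014:09:31:15 +0000] "POST /wp-login.php HTTP/1.1" 200 3327 "-" "Mozilla/4.0"
192.0.2.44 - - [22/Aug/2014:09:31:16 +0000] "GET /wp-login.php?action=lostpassword HTTP/1.1" 200 3340 "-" "Mozilla/5.0"
203.0.113.10 - - [22/Aug/2014:09:31:16 +0000] "POST /wp-login.php HTTP/1.1" 200 3327 "-" "Mozilla/4.0"'

SAMPLE_ERROR_LOG='[Fri Aug 22 09:51:14 2014] [error] [client 203.0.113.10] client denied by server configuration: /home/user/www/site-a.example/wp-login.php
[Fri Aug 22 09:51:15 2014] [error] [client 203.0.113.10] client denied by server configuration: /home/user/www/site-a.example/wp-login.php
[Fri Aug 22 09:51:15 2014] [error] [client 192.0.2.44] client denied by server configuration: /home/user/www/site-b.example/wp-login.php
[Fri Aug 22 09:51:16 2014] [error] [client 203.0.113.10] client denied by server configuration: /home/user/www/site-a.example/wp-login.php'

# Count requests for wp-login.php (with or without a query string) per client
# address in combined-format access log lines read from stdin.
# Field 1 is the client, field 7 the request path.
# Output: "<count> <ip>", busiest client first.
login_hits_per_ip() {
    awk '$7 ~ /^\/wp-login\.php/ { n[$1]++ }
         END { for (ip in n) print n[ip], ip }' | sort -rn
}

# Count "client denied by server configuration" errors per site directory
# in error log lines read from stdin; the denied path is the last field and
# stripping the filename leaves the site's document root.
# Output: "<count> <site dir>", most-attacked site first.
denied_per_site() {
    awk '/client denied by server configuration:/ {
             path = $NF; sub(/\/wp-login\.php$/, "", path); n[path]++ }
         END { for (p in n) print n[p], p }' | sort -rn
}

# The single noisiest client, ready to feed into a firewall or Deny rule.
busiest_login_client() {
    login_hits_per_ip | head -n 1 | awk '{ print $2 }'
}

# Stand-alone run: real use is  tail -n 5000 access.log | login_hits_per_ip
echo "wp-login.php hits per client:"
printf '%s\n' "$SAMPLE_ACCESS_LOG" | login_hits_per_ip
echo "denied requests per site:"
printf '%s\n' "$SAMPLE_ERROR_LOG" | denied_per_site
```

Pipe the real logs in instead of the samples (`tail -n 5000 /var/log/apache2/access.log | login_hits_per_ip`). If one client dominates the way 203.0.113.10 does here, a firewall drop for that address is a faster first fix than the global Apache block, since it stops the traffic before Apache spends anything on it.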

Once the .htaccess rule is in place, remove the wp-login.php block from apache2.conf and restart Apache again, so the login pages of the other sites on the server work as before.
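For reference, this is the kind of per-site rule the step above refers to, written here as an added example rather than taken from the earlier article: a .htaccess in the attacked site's document root that lets only the administrators' addresses reach wp-login.php and serves the same 403 to everyone else. The 203.0.113.0/24 range is a placeholder for wherever your admins actually log in from; the IfModule pair keeps the file working on both Apache 2.2 (Order/Deny/Allow) and 2.4 (Require), since mod_authz_core only exists in 2.4.

```apache
# Added example (not the original post's .htaccess): put this in the
# document root of the attacked WordPress site. Replace 203.0.113.0/24
# with the real admin address range; it is a placeholder here.
<Files "wp-login.php">
    # Apache 2.4: mod_authz_core is present, use Require.
    <IfModule mod_authz_core.c>
        Require ip 203.0.113.0/24
    </IfModule>
    # Apache 2.2: fall back to the Order/Deny/Allow syntax.
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
        Allow from 203.0.113.0/24
        Satisfy All
    </IfModule>
    ErrorDocument 403 "Not acceptable"
</Files>
```

For the file to take effect, the vhost's Directory block must permit these directives with at least AllowOverride Limit FileInfo (Limit covers the access directives, FileInfo covers ErrorDocument); with AllowOverride None the .htaccess is silently ignored and the login page stays open. Check with a request from an address outside the allowed range, which should receive the 403, before you remove the global block from apache2.conf.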

Another way to protect wp-login.php is with a plugin. Several exist for fending off login attacks; my favorite is BruteProtect.

