One of my server had cpu outage last week because of a script repeating to access wp-login.php file with hundreds of request per minute.
if you do
tail -f access.log it will return repeating requests
18.104.22.168 – – [22/Aug/09:31:14:11 +0000] “GET /wp-login.php HTTP/1.1” 200 3327 “-” “Mozilla/4.0”
I will share my steps to recover it;
First thing todo is to block any access to wp-login.php to block the script running query that eat cpu resources.
Block wp-login.php from apache configuration. Add below lines to the bottom of
Deny from all
ErrorDocument 403 “Not acceptable”
Then restart apache
Now all access to wp-login.php will be blocked,
tail -f error.log will return message like:
[Fri Aug 22 09:51:14 2014] [error] [client xxx.xx.x.xxx] client denied by server configuration: /home/pupungbp/www/sitedomain.com/wp-login.php
The log above shows which site is being attacked by the bot script. Now you can setup a .htaccess script to protect wp-login.php for the site, I wrote about this few days ago.
.htaccess setup, you can delete the
wp-login.php blocking command on
apache.conf and restart the apache.
Another alternative to protect your wp-login.php is to use plugin, there are several plugins to protect your wp-login.php being attacked, one of my favorite is BruteProtect.