What to Do if a Brute Force Attack Is Hitting Your WordPress Sites


One of my servers had a CPU outage last week because of a script repeatedly accessing the wp-login.php file with hundreds of requests per minute.

If you run tail -f access.log, it shows the repeating requests:
[shell]
146.0.79.23 - - [22/Aug/09:31:14:11 +0000] "GET /wp-login.php HTTP/1.1" 200 3327 "-" "Mozilla/4.0"
[/shell]

I will share my steps to recover it:

The first thing to do is block all access to wp-login.php, to stop the script from running queries that eat CPU resources.
Block wp-login.php in the Apache configuration by adding the lines below to the bottom of /etc/apache2/apache2.conf:
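[shell]
# Deny every request for wp-login.php (Apache 2.2 access-control syntax)
<Files wp-login.php>
Order allow,deny
Deny from all
Satisfy All
</Files>

ErrorDocument 403 "Not acceptable"
[/shell]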

Then restart Apache:
[shell]
/etc/init.d/apache2 restart
[/shell]

Now all access to wp-login.php will be blocked, and tail -f error.log will show messages like:
[shell]
[Fri Aug 22 09:51:14 2014] [error] [client xxx.xx.x.xxx] client denied by server configuration: /home/pupungbp/www/sitedomain.com/wp-login.php
[/shell]

The log above shows which site is being attacked by the bot script. Now you can set up a .htaccess file to protect wp-login.php for that site; I wrote about this a few days ago.
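To see which clients and which sites are involved without watching tail -f, the two logs can be summarised with awk. This is an added example, not part of the original post; it assumes the standard Apache combined access-log format and error-log lines in the form shown above, and the sample IPs and paths are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): summarise wp-login.php abuse.

# login_rate ACCESS_LOG MIN: print "ip minute hits" for each client with at
# least MIN wp-login.php requests inside one minute (combined log format).
login_rate() {
    awk -v min="$2" '
        $7 ~ /^\/wp-login\.php/ {
            minute = substr($4, 2, 17)          # dd/Mon/yyyy:hh:mm
            hits[$1 " " minute]++
        }
        END { for (k in hits) if (hits[k] >= min) print k, hits[k] }
    ' "$1" | sort
}

# attacked_sites ERROR_LOG: print "denials path" for every wp-login.php that
# the Deny rule refused, busiest first. The path tells you which site it is.
attacked_sites() {
    awk '
        /client denied by server configuration: .*\/wp-login\.php$/ { n[$NF]++ }
        END { for (p in n) print n[p], p }
    ' "$1" | sort -rn
}

# make_samples DIR: write small constructed logs (documentation IPs, made-up
# paths) so the two functions can be tried offline.
make_samples() {
    : > "$1/access.log"
    for s in 01 02 03 04 05; do
        echo "192.0.2.10 - - [22/Aug/2014:09:31:$s +0000] \"GET /wp-login.php HTTP/1.1\" 200 3327 \"-\" \"Mozilla/4.0\"" >> "$1/access.log"
    done
    echo '198.51.100.7 - - [22/Aug/2014:09:31:09 +0000] "GET /wp-login.php HTTP/1.1" 200 3327 "-" "Mozilla/5.0"' >> "$1/access.log"
    echo '192.0.2.10 - - [22/Aug/2014:09:31:10 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "Mozilla/4.0"' >> "$1/access.log"
    cat > "$1/error.log" <<'EOF'
[Fri Aug 22 09:51:14 2014] [error] [client 192.0.2.10] client denied by server configuration: /home/user/www/site-a.example/wp-login.php
[Fri Aug 22 09:51:15 2014] [error] [client 192.0.2.10] client denied by server configuration: /home/user/www/site-a.example/wp-login.php
[Fri Aug 22 09:51:16 2014] [error] [client 192.0.2.11] client denied by server configuration: /home/user/www/site-b.example/wp-login.php
[Fri Aug 22 09:51:17 2014] [error] [client 198.51.100.7] File does not exist: /home/user/www/site-a.example/favicon.ico
EOF
}

dir=$(mktemp -d) && trap 'rm -rf "$dir"' EXIT
make_samples "$dir"
login_rate "$dir/access.log" 5      # clients at or above 5 login hits per minute
attacked_sites "$dir/error.log"     # sites whose wp-login.php is being denied
```

On a real server, point the two functions at the live access.log and error.log and raise the threshold to match the traffic you consider abnormal.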

Once the .htaccess is set up, you can delete the wp-login.php blocking directives from apache2.conf and restart Apache.

Another way to protect wp-login.php is to use a plugin. There are several plugins that protect wp-login.php from being attacked; one of my favorites is BruteProtect.

Any ideas? Leave a comment below.
