What You Have to Do if a Brute Force Attack Hits Your WordPress Sites

Last Updated: February 7, 2015 | Reading Time: < 1 minute

One of my servers had a CPU outage last week because a script was repeatedly requesting the wp-login.php file, with hundreds of requests per minute.

If you run tail -f access.log, you will see the repeated requests:
[shell]
146.0.79.23 - - [22/Aug/09:31:14:11 +0000] "GET /wp-login.php HTTP/1.1" 200 3327 "-" "Mozilla/4.0"
[/shell]
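To measure this pattern in a saved log instead of watching tail -f, the following added example (not from the original post) counts wp-login.php requests per client per minute. The function names, the threshold values and the sample log lines are constructed assumptions, and it expects the standard Apache combined log format.

```shell
# Added example (not from the original post): list clients that request
# wp-login.php at or above a per-minute threshold in an Apache access log.

# wp_login_offenders LOGFILE [THRESHOLD]  (default of 100 is an assumption)
# Prints "ip dd/Mon/yyyy:HH:MM count", busiest first.
wp_login_offenders() (
    awk -v limit="${2:-100}" '
        # Combined log format: $1 = client IP, $4 = "[dd/Mon/yyyy:HH:MM:SS", $7 = path
        {
            path = $7
            sub(/\?.*/, "", path)                 # drop any query string
            if (path !~ /\/wp-login\.php$/) next  # only login requests count
            minute = substr($4, 2, 17)            # dd/Mon/yyyy:HH:MM
            hits[$1 " " minute]++
        }
        END {
            for (k in hits)
                if (hits[k] >= limit + 0) print k, hits[k]
        }
    ' "$1" | sort -k3,3nr -k1,1
)

# Constructed sample log: 203.0.113.7 sends five login requests inside one
# minute; 198.51.100.9 sends one login request and one ordinary page view.
make_sample_log() (
    : > "$1"
    for s in 01 02 03 04 05; do
        printf '%s - - [22/Aug/2014:09:31:%s +0000] "POST /wp-login.php HTTP/1.1" 200 3327 "-" "Mozilla/4.0"\n' \
            203.0.113.7 "$s" >> "$1"
    done
    printf '%s\n' \
        '198.51.100.9 - - [22/Aug/2014:09:31:10 +0000] "GET /wp-login.php HTTP/1.1" 200 3327 "-" "Mozilla/5.0"' \
        '198.51.100.9 - - [22/Aug/2014:09:31:12 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"' >> "$1"
)

# Demo on the constructed sample with a low threshold of 3.
tmp=$(mktemp) && make_sample_log "$tmp" && wp_login_offenders "$tmp" 3
rm -f "$tmp"
```

On a real server, pass the path of your own access.log and a threshold that sits above what a legitimate user would generate in one minute.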

I will share my steps to recover from it:

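The first thing to do is block all access to wp-login.php, to stop the script from running requests that eat CPU resources.
Block wp-login.php in the Apache configuration by adding the lines below to the bottom of /etc/apache2/apache2.conf:
[shell]
# Deny every request for wp-login.php on all sites served by this Apache.
# Order/Deny is Apache 2.2 syntax; on Apache 2.4 without mod_access_compat,
# use "Require all denied" inside the Files block instead.
<Files wp-login.php>
Order allow,deny
Deny from all
Satisfy All
</Files>

ErrorDocument 403 "Not acceptable"
[/shell]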

Then restart Apache:
[shell]
/etc/init.d/apache2 restart
[/shell]

Now all access to wp-login.php is blocked, and tail -f error.log will show messages like:
[shell]
[Fri Aug 22 09:51:14 2014] [error] [client xxx.xx.x.xxx] client denied by server configuration: /home/pupungbp/www/sitedomain.com/wp-login.php
[/shell]

The log above shows which site is being attacked by the bot script. Now you can set up an .htaccess rule to protect wp-login.php for that site; I wrote about this a few days ago.

Once the .htaccess is set up, you can delete the wp-login.php blocking directives from apache2.conf and restart Apache.

Another way to protect wp-login.php is to use a plugin. There are several plugins that protect wp-login.php from being attacked; one of my favorites is BruteProtect.
