Last Updated: February 7, 2015
One of my servers had a CPU outage last week because a script was repeatedly requesting the wp-login.php file, at hundreds of requests per minute.
If you run tail -f access.log
you will see the repeated requests:
[shell]
146.0.79.23 - - [22/Aug/09:31:14:11 +0000] "GET /wp-login.php HTTP/1.1" 200 3327 "-" "Mozilla/4.0"
[/shell]
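To see which clients are behind the flood before blocking anything, this added example (not part of the original post) counts wp-login.php requests per client IP per minute in a combined-format access log. The function names, the default threshold of 30 and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find clients hammering wp-login.php in an Apache
# combined-format access log. Threshold and sample data are assumptions.

# wp_login_rate LOGFILE [THRESHOLD]
# Prints "count ip minute" for each client/minute pair with at least
# THRESHOLD requests to wp-login.php, busiest first.
wp_login_rate() (
    logfile=$1
    threshold=${2:-30}
    awk -v limit="$threshold" '
        # $1 = client IP, $4 = [dd/Mon/yyyy:HH:MM:SS, $7 = request path
        $7 ~ /\/wp-login\.php(\?|$)/ {
            minute = substr($4, 2, 17)   # dd/Mon/yyyy:HH:MM
            hits[$1 " " minute]++
        }
        END {
            for (k in hits)
                if (hits[k] >= limit) print hits[k], k
        }
    ' "$logfile" | sort -k1,1nr -k2,2
)

# Constructed sample log (documentation-range IPs, not real traffic):
# 40 login hits from one client in one minute, 3 from another, 1 normal page.
make_sample_log() (
    i=1
    while [ "$i" -le 40 ]; do
        printf '203.0.113.7 - - [22/Aug/2014:09:31:%02d +0000] "GET /wp-login.php HTTP/1.1" 200 3327 "-" "Mozilla/4.0"\n' "$i"
        i=$((i + 1))
    done
    for i in 1 2 3; do
        printf '198.51.100.20 - - [22/Aug/2014:09:31:0%d +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"\n' "$i"
    done
    printf '203.0.113.7 - - [22/Aug/2014:09:32:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/4.0"\n'
)

# Demo on the constructed sample.
tmp=$(mktemp)
make_sample_log > "$tmp"
wp_login_rate "$tmp" 30    # -> 40 203.0.113.7 22/Aug/2014:09:31
rm -f "$tmp"
```

On a real server, point wp_login_rate at the live access log and lower the threshold until ordinary logins stop appearing in the output.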
Here are the steps I took to recover.
The first thing to do is block all access to wp-login.php, which stops the script from sending the requests that eat CPU resources.
Block wp-login.php in the Apache configuration by adding the lines below to the bottom of /etc/apache2/apache2.conf:
[shell]
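# Apache 2.2 syntax; on Apache 2.4 use "Require all denied" instead of Order/Deny.
<Files wp-login.php>
Order allow,deny
Deny from all
Satisfy All
ErrorDocument 403 "Not acceptable"
</Files>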
[/shell]
Then restart Apache:
[shell]
/etc/init.d/apache2 restart
[/shell]
Now all access to wp-login.php is blocked, and tail -f error.log
will show messages like:
[shell]
[Fri Aug 22 09:51:14 2014] [error] [client xxx.xx.x.xxx] client denied by server configuration: /home/pupungbp/www/sitedomain.com/wp-login.php
[/shell]
The log above shows which site is being attacked by the bot script. Now you can set up a .htaccess file to protect wp-login.php for that site; I wrote about this a few days ago.
Once the .htaccess is set up, you can delete the wp-login.php blocking directives from apache2.conf and restart Apache.
Another way to protect your wp-login.php is to use a plugin. There are several plugins that protect wp-login.php from being attacked; one of my favorites is BruteProtect.