Lately this blog has been targeted by many attackers varying from brute force attacks to D-DOS. Although I couldn’t do much about DDOS (servers provider takes care of that), I was able to mitigate the brute forcing attacks on my wordpress. I’ve been using this trick for a while and it keeps bad guys away from my wp sensitive pages.
First let me share with you a snippet from my logs. (I know you love these 😛 )
Yep that is a 4167 attempts to penetrate wp-login.php form. Fortunately I know this was coming so after installation I simply created a filter using Apache .htaccess to filter out all connection to wp-login.php and wp-admin/ except the one coming from my IP address!
If these attacks were coming from a single IP, this can be easily mitigated by blocking that single IP address using iptables -A INPUT -s #that-IP-addr# -j DROP command, but unfortunately this is not the case.
The best way, I think, is to protect both files (folders) with .htacess rules as follow:
at root / folder I have:
<files "wp-login.php"="">
order deny,allow
deny from all
allow from ##.##.##.## #your IP address obviously..
then at wp-admin/ folder I have:
order deny,allow
deny from all
allow from ##.##.##.## #your IP address obviously..
order deny,allow
deny from all
Why will this work I hear you asking?
For a brute force attempt to be successful the attacker has to achieve a full syn-ed connection, which means he/she cannot spoof IP address because in that case no reply will be received.
This will keep all the bots, and opportunistic attackers away facing a 403 page (install an exploit on it? or track them? 😉 )
Leave a reply