<h1>WordPress Brute-Force Attacks</h1>
<p>Published 2013-05-27 at <a href="https://blog.stmellion.org/?p=656">https://blog.stmellion.org/?p=656</a></p>
<p>A post on Twitter today alerted me to the fact that my WordPress application was probably under brute-force attack. A growing series of links told me reasons why it was happening, methods for understanding the degree of the problem and what to do about it. Some of the answers were good but the majority were downright silly or didn't apply to my situation: a blog hosted on my own server that I have full control over. So here's my attempt to answer the above questions:</p>
<p><strong>Why is my blog under brute-force attack?</strong><br />
It's on the Internet, the login page is exposed and there is no limit on the number of login attempts. Simple as that. This is the Internet, and anything that is exposed is going to get probed.</p>
<p><strong>How bad is it?</strong><br />
Running the following command against an Apache access log gives a pretty good idea of how much your login page is being accessed (brute-forced). It prints the number of requests to <code>wp-login.php</code> from each client IP address, sorted from fewest to most:</p>
<pre><code>awk '/wp-login\.php/ {print $1}' access.log | sort | uniq -c | sort -n</code></pre>
<p><strong>How should I prevent it?</strong><br />
A strong password is one obvious solution. Although this doesn't prevent the server load of thousands of bots trying millions of passphrases, it's better than getting your site hacked to hell and back.</p>
<p>In my scenario, I'm rarely going to access the login from anywhere but my own home, so I can lock it down by allowing access to the login script only from that IP address/subnet. If I happen to be somewhere else, I can SSH to the server and briefly change the config. Below is the subsection I added to my Apache 2.2 config file:</p>
<pre><code>&lt;Files "wp-login.php"&gt;
Order Deny,Allow
Deny from all
Allow from 1.2.3.4
&lt;/Files&gt;
ErrorDocument 403 "Not acceptable"</code></pre>
<p>Where 1.2.3.4 is my IP address (no, it's not really mine).</p>