WordPress Brute Force wp-admin Attacks - What to Look For


8Dweb wants to share some tips to website owners to help YOU find and mitigate brute-force attacks on your WordPress admin login.

  • Be SURE to view your error and transfer logs for your site through the SiteWorx Control Panel
  • Look for wp-login.php in the access log. Brute-force attempts usually show up as groups of a handful of POST requests to wp-login.php in quick succession, often from different but similar IPs (the same /24 range). Keep in mind your own IP will also have wp-login.php entries from your normal logins - don't block that. To check your IP you can use http://fetchip.com
  • Remove your admin user - rename it to something LONG. Reset your admin password.
  • Change your database prefix
  • Install and configure Better WP Security - OR purchase our WordPress Security Package and we will do ALL of this for you.
  • Add this code to your .htaccess file in the ROOT of your site or in the wp-admin folder. In the RewriteCond %{HTTP_REFERER} line, change example\.com to YOUR domain - such as 8dweb\.com (keep the backslash before the dot, it is part of the pattern). We have reports that the attack has been modified to overcome this now, so treat it as one extra layer rather than your only protection:

    # Return 403 for any POST to the login page or wp-admin whose Referer
    # is not your own site. Use https?:// instead of http:// if your site
    # is served over HTTPS, otherwise your own logins will be blocked.
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} =POST
    RewriteCond %{HTTP_REFERER} !^http://(.*)?example\.com [NC]
    RewriteCond %{REQUEST_URI} ^/wp-login\.php(.*)$ [OR]
    RewriteCond %{REQUEST_URI} ^/wp-admin$
    RewriteRule ^(.*)$ - [R=403,L]

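As an added example (not part of 8Dweb's original post), the following Python script does the log check from the bullets above: it parses Apache combined-format access-log lines, skips your own IP, groups wp-login.php POSTs by source /24 so that "different but similar IPs" show up as one cluster, and lists which of those POSTs the HTTP_REFERER rule above would answer with 403. The log lines, the owner IP 198.51.100.7 and the domain example.com are constructed sample values.

```python
import re
from collections import Counter, defaultdict

# One Apache "combined" access-log line:
# ip ident user [time] "METHOD path PROTO" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)

def wp_login_posts(log_lines, own_ip):
    """Yield (ip, referer) for every POST to wp-login.php, skipping the owner's own IP."""
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST" or not m["path"].startswith("/wp-login.php"):
            continue
        if m["ip"] != own_ip:
            yield m["ip"], m["referer"]

def login_bursts_by_subnet(log_lines, own_ip, min_attempts=3):
    """Group login POSTs by source /24; returns {subnet: {"attempts": n, "ips": [...]}}."""
    per_net = defaultdict(Counter)
    for ip, _ in wp_login_posts(log_lines, own_ip):
        octets = ip.split(".")
        if len(octets) != 4:
            continue  # IPv6 or a malformed field; /24 grouping is an IPv4 notion
        per_net[".".join(octets[:3]) + ".0/24"][ip] += 1
    return {net: {"attempts": sum(c.values()), "ips": sorted(c)}
            for net, c in per_net.items() if sum(c.values()) >= min_attempts}

def posts_without_site_referer(log_lines, own_ip, domain):
    """IPs whose login POSTs lack a referer from `domain`: what the .htaccess rule 403s."""
    referer_ok = re.compile(r"^http://(.*)?" + re.escape(domain), re.I)
    return sorted({ip for ip, ref in wp_login_posts(log_lines, own_ip)
                   if not referer_ok.match(ref)})

# Constructed sample log using RFC 5737 documentation addresses, not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Apr/2013:03:12:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3214 "-" "Mozilla/5.0"
203.0.113.11 - - [10/Apr/2013:03:12:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3214 "-" "Mozilla/5.0"
203.0.113.12 - - [10/Apr/2013:03:12:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3214 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Apr/2013:03:12:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3214 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Apr/2013:03:15:50 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "http://example.com/wp-login.php" "Mozilla/5.0"
192.0.2.5 - - [10/Apr/2013:03:16:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "http://www.example.com/wp-login.php" "Mozilla/5.0"
""".splitlines()

if __name__ == "__main__":
    print(login_bursts_by_subnet(SAMPLE_LOG, own_ip="198.51.100.7"))
    print(posts_without_site_referer(SAMPLE_LOG, "198.51.100.7", "example.com"))
```

Feed it your real access log with `login_bursts_by_subnet(open("access.log"), own_ip=...)`; the 203.0.113.0/24 cluster in the sample is the pattern the bullet above describes.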
