WordPress Brute Force wp-admin Attacks - What to Look For
- 06/06/2020 8:01 PM
8Dweb wants to share some tips with website owners to help YOU find and mitigate brute-force attacks on your WordPress admin login.
- Be SURE to view your error and transfer logs for your site through the SiteWorx Control Panel
- Look for wp-login.php in the access log, usually in groups of a handful of POST attempts, often from different but similar IPs. Keep in mind your own IP will also have wp-login.php entries - don't block that one. To check your IP you can use http://fetchip.com
- Remove your admin user - rename it to something LONG. Reset your admin password.
- Change your database prefix
- Install and configure Better WP Security - OR purchase our WordPress Security Package and we will do ALL of this for you.
- Add this code to your .htaccess file in the ROOT of your site or in the wp-admin folder, and change example.com in the RewriteCond line that tests HTTP_REFERER to YOUR domain - such as 8Dweb.com. We have reports that the attack has been modified to overcome this now...:

    # Return 403 for POSTs to wp-login.php or wp-admin whose Referer is not this site
    # (the Referer test accepts http or https and an optional subdomain such as www.)
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} =POST
    RewriteCond %{HTTP_REFERER} !^https?://([^/]+\.)?example\.com [NC]
    RewriteCond %{REQUEST_URI} ^/wp-login\.php(.*)$ [OR]
    RewriteCond %{REQUEST_URI} ^/wp-admin$
    RewriteRule ^(.*)$ - [R=403,L]
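As an added example, not part of 8Dweb's post, here is a small Python script that does the log review from the bullets above over a few constructed Apache access-log lines: it counts POSTs to wp-login.php per source IP, leaves out your own IP, groups the counts by /24 so the "different but similar IPs" show up as one block, and separately lists the POSTs that carry no Referer header, which is the traffic the .htaccess rule above answers with 403. The log lines, the IP addresses (documentation ranges) and the threshold of 3 attempts are all constructed for the example, not taken from a real server.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample lines in Apache "combined" log format (not from a real server).
# Three neighbouring IPs in 203.0.113.0/24 POST to wp-login.php with no Referer;
# 198.51.100.7 is the site owner logging in normally via the login form.
SAMPLE_LOG = """\
203.0.113.10 - - [06/Jun/2020:19:55:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
203.0.113.10 - - [06/Jun/2020:19:55:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
203.0.113.11 - - [06/Jun/2020:19:55:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
203.0.113.12 - - [06/Jun/2020:19:55:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
198.51.100.7 - - [06/Jun/2020:19:56:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2104 "https://example.com/wp-admin/" "Mozilla/5.0"
198.51.100.7 - - [06/Jun/2020:19:56:15 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "https://example.com/wp-login.php" "Mozilla/5.0"
192.0.2.5 - - [06/Jun/2020:19:57:00 +0000] "GET /index.php HTTP/1.1" 200 8801 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [time] "method path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)


def parse_line(line):
    """Return a dict of fields for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def _is_login_post(rec):
    return rec["method"] == "POST" and rec["path"].startswith("/wp-login.php")


def login_posts(lines, own_ip=None):
    """Count POST requests to wp-login.php per source IP, skipping the owner's own IP."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or not _is_login_post(rec):
            continue
        if own_ip and rec["ip"] == own_ip:
            continue
        counts[rec["ip"]] += 1
    return counts


def group_by_block(counts, prefix=24):
    """Sum per-IP counts into /24 networks (IPv4; /64 for IPv6) so 'similar' IPs appear together."""
    blocks = Counter()
    for ip, n in counts.items():
        addr = ip_address(ip)
        plen = prefix if addr.version == 4 else 64
        blocks[str(ip_network(f"{addr}/{plen}", strict=False))] += n
    return blocks


def flag(counter, threshold):
    """Return the keys whose count reaches the threshold, highest count first."""
    return [k for k, n in counter.most_common() if n >= threshold]


def referer_less_posts(lines):
    """IPs that POST to wp-login.php with no Referer header (the traffic the .htaccess rule blocks)."""
    out = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and _is_login_post(rec) and rec["referer"] in ("", "-"):
            out[rec["ip"]] += 1
    return out


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    per_ip = login_posts(lines, own_ip="198.51.100.7")   # your own IP, as the post advises
    print("login POSTs per IP:", dict(per_ip))
    print("login POSTs per /24:", dict(group_by_block(per_ip)))
    print("blocks over threshold:", flag(group_by_block(per_ip), 3))
    print("POSTs with no Referer:", dict(referer_less_posts(lines)))
```

With the sample above no single IP reaches three attempts, but the /24 grouping does, which is exactly the "handful of attempts from similar IPs" pattern the post describes; on a real log you would feed the file's lines in place of SAMPLE_LOG and tune the threshold to your own traffic.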