Block WordPress Attack with CSF

Edit /etc/csf/ and add:

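# wordpress: a POST to wp-login.php answered with 200 is a failed login (a successful one redirects with 302)
if (($globlogs{CUSTOM4_LOG}{$lgfile}) and ($line =~ /(\S+).*] "POST \/wp-login\.php.*" 200/)) {
    # message, offending IP, rule name, trigger level, ports to block, block time in seconds (1 = permanent)
    return ("Failed WordPress login from",$1,"wordpress","20","80,443","3600");
}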

Then update /etc/csf/csf.conf and change CUSTOM4_LOG to scan your web server access logs (if it isn't doing so already). E.g. for Plesk: /var/www/vhosts/system/*/logs/access_log

That rule blocks brute-force attacks against wp-login.php for one hour. To block them permanently, just change the 3600 to 1.
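Before relying on the rule, it helps to dry-run its regex against log lines and check what it captures. The script below is an added example, not part of the original post: the log lines are constructed (documentation IP ranges, Apache "combined" format plus one vhost-prefixed line), and it counts over the whole sample rather than modelling lfd's own counting.

```perl
#!/usr/bin/perl
# Dry run of the wp-login rule's regex over access-log lines (added example).
use strict;
use warnings;

my $RULE    = qr/(\S+).*] "POST \/wp-login\.php.*" 200/;  # regex copied from the rule
my $TRIGGER = 20;                                          # trigger level from the rule

# Return a hash of captured first field => number of matching lines.
sub count_hits {
    my %hits;
    for my $line (@_) {
        $hits{$1}++ if $line =~ $RULE;
    }
    return %hits;
}

# Constructed sample lines; nothing here comes from a real server.
my $ts   = '[10/Oct/2023:13:55:36 +0000]';
my $tail = '"-" "Mozilla/5.0"';
my @log  = (
    # 20 failed logins from one address: wp-login.php answers 200
    (qq{203.0.113.7 - - $ts "POST /wp-login.php HTTP/1.1" 200 4321 $tail}) x 20,
    # successful login (302 redirect), must not count
    qq{198.51.100.9 - - $ts "POST /wp-login.php HTTP/1.1" 302 0 $tail},
    # loading the login form is a GET, must not count
    qq{198.51.100.9 - - $ts "GET /wp-login.php HTTP/1.1" 200 4321 $tail},
    # a single failed login stays below the trigger
    qq{192.0.2.44 - - $ts "POST /wp-login.php HTTP/1.1" 200 4321 $tail},
    # vhost-prefixed log format: the first field is not the client IP
    qq{example.com:443 192.0.2.44 - - $ts "POST /wp-login.php HTTP/1.1" 200 4321 $tail},
);

my %hits = count_hits(@log);
for my $who (sort keys %hits) {
    # Rough shape check: dotted quad, or hex groups with at least two colons.
    my $looks_ip = $who =~ /^(?:\d{1,3}(?:\.\d{1,3}){3}|[0-9a-f]*:[0-9a-f:]*:[0-9a-f:.]*)$/i;
    my $action   = $hits{$who} >= $TRIGGER ? 'would block' : 'below trigger';
    my $warn     = $looks_ip ? '' : '  <- not an IP, check the log format';
    printf "%-18s %3d  %s%s\n", $who, $hits{$who}, $action, $warn;
}
```

Because the rule captures the first whitespace-delimited field, any log format that does not start with the client address (a vhost prefix, or a reverse proxy's address in that position) makes it act on the wrong value.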


