Reputation: 13
Wordpress how to block Attack from specific ip plage
How to prevent brute force attack on my wordpress site, it's hundred of failed attempts on my login page and it's come from two specific adress plage.
To block the attack i have installed wordfence, changed the url of login, and blocked the ip that i didn't recognize, it worked at first after 40 attack the user is blocked no more just let hundred attack come.
But after it got smarter, it attack from multiple ip address from bellow and also attack per hour or day to avoid wordfence blocking frequency
so I have two problem,
The first is that all attack come from 34.x.x.x and 35.x.x.x ip, so i guess the attacker use virtual machine or worker from google cloud, will that be alright to block all those adress to avoid further attack ? the site is for to show service so i think that we will rarely receive virtual machine user.
The second problem is that there is also ipv6 adress, i don't know if the rule "deny from ......." work on ipv6 in .htaccess
I tried to verify if this is just google service but the agent being google chrome and trying to access to my login page isn't right,
I have tried the above method but still receive attack, i fear that this will reduce the ressource of my account
Upvotes: -4
Views: 95
Answers (3)
Reputation: 708
Not sure If there is a Wordpress plugin already for such a scenario, since wp-login getting bombarded is a common issue.
In my experience switching off IP addresses one-by-one is a lost battle. What I have opted usually is by using the whitelist method of allowing only certain IP' addresses. That ofc requires you to have them static. I usually describe my home IP and work IP. And For other cases use a VPN to work or home.
Something like suggested here: How to enable Wordpress login only for 1 IP?
Upvotes: 0
Reputation: 1
Hide your wp-login then add
rewrite /wp-login.php $scheme://$remote_addr/wp-login.php permanent; in your nginx conf file
Upvotes: 0
Reputation: 1
Add the following to your .htaccess file then add the IP address and you an add additional lines below. Just also remove the "<-- add IP address here"
# disable access from specific IP address
<Limit GET POST>
order allow,deny
deny from xxx.xxx.xxx.xxx <-- add IP address here
allow from all
</Limit>
Upvotes: 0
Related Questions
- How can I prevent SQL injection in PHP?
- SecurityError: Blocked a frame with origin from accessing a cross-origin frame
- How can I sanitize user input with PHP?
- How to avoid reverse engineering of an APK file
- How can bcrypt have built-in salts?
- How does the SQL injection from the "Bobby Tables" XKCD comic work?
- WordPress - How to block Access to specific files or directories for users that are not logged in?
- How serious is this new ASP.NET security vulnerability and how can I workaround it?
- How should I ethically approach user password storage for later plaintext retrieval?