wordpress attacks are getting worse

hello all -

this AM i awoke only to discover that the wordpress attacks seem to be growing exponentially. i am not concerned about the sites themselves as they are too well locked down, but the thousands of attacks seem to be hitting my apache server very hard.

using the csf firewall "deny" option is helpful, but what i want to do is to somehow seriously "slow down" any IP that hits the wordpress login "wp-login.php" script too often.

i have posted a question on the CSF forum here in case anybody else is running into a similar issue.

personally, i am convinced i am being hit and hit hard by other compromised wordpress sites judging by the IP numbers i am seeing.

note there are quite a few very good wordpress security plugins. my favorites are si-captcha, login-delay, and limit-login-lockdown. yes it's overkill to have so many, but with attacks getting seemingly worse by the hour, all these plug-ins help me sleep better at night.
 

Quags

Administrator
Staff member
Overall re-naming the wp-login.php is the best option since they are automatic brute force attacks, normally from hacked servers. So the ips are constantly changing.
 
renaming the WP admin username to "markIsHandsome" is an easy, effective strategy, and it's also true.

but my real concern with this forum thread is how apache reacts to all this -- and i am wondering if there is any way to get the apache webserver to handle this. i had hoped the CSF firewall might be able to slow it down a bit.
 

Quags

Administrator
Staff member
apache can't really do much for it, since it does not know a valid login from invalid.

Looks like plugins are the way to go, like: https://wordpress.org/plugins/wp-fail2ban/
 
maybe apache can't do much, but i think CSF has some mechanism to tell if it keeps getting the same request for the same page over and over.

i am not worried about a WP break-in since it's very easy to foil. but lately i have noticed that hackers can keep opening certain pages, and then each one opens up a new CGI process. that has crashed my server on a few occasions!

i have a bash process that runs every two minutes looking for cgi processes. if i see more than 30, i restart apache. that is not much of a solution, but it keeps the server up.

the other process i have running every 10 minutes looks at the tail of all the log files. if i see more than 200-ish attempts to hit the wp-login.php from the same IP nbr, i put the IP number into a firewall csf-deny file. again, not much of a solution.
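
The per-IP counting described in the post above, as an added example that is not the poster's own script: it reads Apache combined-format access log lines and prints every client IP at or above a threshold of wp-login.php requests. The function names, the sample log lines and the low demo threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not the poster's script): count wp-login.php requests per
# client IP in Apache combined-format logs and list the heavy hitters.

# wp_login_offenders THRESHOLD [LOGFILE...]
# Reads the named files (or stdin when none are given) and prints
# "COUNT IP", highest count first, for each IP with >= THRESHOLD hits.
wp_login_offenders() {
    threshold=$1
    shift
    awk -v t="$threshold" '
        # Combined format: $1 = client IP, $6 = "METHOD, $7 = request path.
        # Match wp-login.php in any directory, with or without a query string.
        $7 ~ /\/wp-login[.]php($|[?])/ { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] >= t) print hits[ip], ip }
    ' "$@" | sort -rn
}

# Constructed sample log lines (documentation IP ranges, invented timestamps).
sample_log() {
    cat <<'EOF'
203.0.113.7 - - [10/Mar/2015:06:25:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "-"
203.0.113.7 - - [10/Mar/2015:06:25:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "-"
192.0.2.10 - - [10/Mar/2015:06:25:02 +0000] "GET /index.php HTTP/1.1" 200 9120 "-" "-"
203.0.113.7 - - [10/Mar/2015:06:25:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "-"
198.51.100.23 - - [10/Mar/2015:06:25:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "-"
192.0.2.44 - - [10/Mar/2015:06:25:04 +0000] "GET /blog/wp-login.php?action=register HTTP/1.1" 200 2210 "-" "-"
203.0.113.7 - - [10/Mar/2015:06:25:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "-"
192.0.2.44 - - [10/Mar/2015:06:25:05 +0000] "POST /blog/wp-login.php HTTP/1.1" 200 3456 "-" "-"
198.51.100.23 - - [10/Mar/2015:06:25:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "-"
203.0.113.7 - - [10/Mar/2015:06:25:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "-"
192.0.2.44 - - [10/Mar/2015:06:25:06 +0000] "POST /blog/wp-login.php HTTP/1.1" 200 3456 "-" "-"
EOF
}

# Demo run with a low threshold so the small sample produces output.
sample_log | wp_login_offenders 3
```

With the 200-ish threshold from the post, the second column of the output is the list of IPs to hand to the firewall deny file.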
 

mikelouis

New Member
I just heard some news the other day about how some guys managed to bring down a major site by using WordPress. I think people are getting more creative hiding their identities by using multiple WordPress blogs. They should do something about it.
 