Posted (edited)

I've been experiencing a lot of attacks, mainly brute-force password attacks, at my WordPress site and I was looking for a solution to this problem. I have installed plugins such as Sucuri and Wordfence that provide some protection, but the problem of blocking those bad IPs remained.

 

Sites like blocklist.de provide lists of such blacklisted IPs but how to import those lists in WordPress and use them to block those IPs? I found an easy solution through an excellent free plugin called CIDRAM:

 

https://github.com/CIDRAM/CIDRAM/blob/master/_docs/readme.en.md

 

My solution to protect WordPress so far is to use Sucuri and CIDRAM. Those two work well so far and don't overload the server CPU. Eventually I would like to move away from WordPress since it's very problematic...

Edited by spandso
Posted

Hi spandso,

 

I would recommend you to use the WordPress plugin 'Loginizer'. By the use of this plugin you will be able to limit the number of login attempts to your website.

 

Personally I would suggest you not to leave WordPress coz they power 33% of the internet after all.

 

Regards,

  • Like 1
Posted

The best way to keep people from breaking into WP is to not use WP.

 

Half the time when WP gets hacked, it wasn't brute-force anyway...it's the fact that the thing is so poorly written that it's full of security holes.

Posted
How to turn your .htaccess file from 1 KB to 100 MB ^ /s

 

 

btw, you really think he's got that many IPs trying to attack his account? I think if it were so, I'd change my domain name.

Posted

Yikes, didn't know I couldn't make a small joke. Thanks for the 1 warning, Byron. Do you know what "/s" means?

Posted

Personally I would suggest you not to leave WordPress coz they power 33% of the internet after all.

Please don't encourage people to use this piece of trash software.
  • Like 1
Posted

Thank you all for your responses!

 

@Krydos, @wolstech, @flazepe: Yes I agree WP is insecure and badly developed but unfortunately I have invested a lot of time and effort to build my site with that. I will move to something better like Joomla when I manage to do so.

 

@Byron: I used .htaccess to block several IPs and also tried to be creative (block specific user agent used by the bad IPs). Unfortunately the list of IPs is growing. I've found out those IPs are blacklisted in services like blocklist.de. CIDRAM solves the problem of having to continuously update .htaccess with new bad IPs.

 

@sohamb03: Thank you for your suggestion. I will give it a try. For the time being my config (Sucuri + CIDRAM) works fine.

 

My advice: If you have a WP site please try to secure it as much as possible by doing the following (please feel free to add to the list):

  • Change the default admin username from "admin" to something else.
  • Install and activate a security plugin such as Sucuri.
  • Install the blocklist plugin CIDRAM.
  • Avoid installing too many plugins or plugins that are not updated regularly.
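
Added example (not part of the original thread and not CIDRAM's code): for anyone who keeps the block list in .htaccess as discussed above, this sketch validates a one-address-per-line list, merges duplicates and adjacent addresses into CIDR ranges, and renders deny rules. It assumes Apache 2.4 `Require` syntax; the sample list and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample, one entry per line (documentation ranges, not real offenders).
SAMPLE_BLOCKLIST = """\
# constructed sample
192.0.2.0
192.0.2.1
192.0.2.2
192.0.2.3
198.51.100.7
198.51.100.7
203.0.113.128/25
2001:db8::1
not-an-ip
"""

def parse_blocklist(text):
    """Return (networks, rejected): valid entries as ip_network objects, junk as strings."""
    networks, rejected = [], []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not entry:
            continue
        try:
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(entry)  # never copy unvalidated text into server config
    return networks, rejected

def collapse(networks):
    """Merge duplicates and adjacent ranges; IPv4 and IPv6 are collapsed separately."""
    merged = []
    for version in (4, 6):
        same = [n for n in networks if n.version == version]
        merged.extend(ipaddress.collapse_addresses(same))
    return merged

def to_htaccess(networks):
    """Render deny rules in Apache 2.4 (mod_authz_core) syntax, an assumption here."""
    rules = "\n".join(f"    Require not ip {n}" for n in networks)
    return f"<RequireAll>\n    Require all granted\n{rules}\n</RequireAll>"

def is_blocked(ip, networks):
    addr = ipaddress.ip_address(ip)
    return any(addr.version == n.version and addr in n for n in networks)

if __name__ == "__main__":
    nets, bad = parse_blocklist(SAMPLE_BLOCKLIST)
    print(to_htaccess(collapse(nets)), "\nrejected:", bad)
```

Collapsing only shrinks the file when listed addresses are adjacent or duplicated; a list of scattered single addresses stays one rule per address.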
Posted

@sohamb03: Thank you for your suggestion. I will give it a try. For the time being my config (Sucuri + CIDRAM) works fine.

Yeah sure. Loginizer definitely works coz it has been protecting my website from brute-force attacks for over a year now.

 

Cheers!
