Answer the question
In order to leave comments, you need to log in
How to get rid of Bruteforce attacks?
All hosted sites are subject to constant brute attacks. Basically it is CMS Wordpress. In .htaccess, access was limited only for your ip. But the load, nevertheless, remained small.
Is there any solution to reduce the load?
Answer the question
In order to leave comments, you need to log in
1. Create complex passwords. A complex password is very easy to remember, but brute force requires you to work for the US NSA. An example of such a password is "Milk the GoatOn the Field987 times"
2. Create a query analyzer. If an authorization request from the same host is repeated, insert a response pause. Double the pause on each attempt.
Just such a scenario helped me. Certainly not on WordPress.
Naturally, it remains - to beat off requests using the web server, in general, it is expensive.
The only question is that on shared hosting there is no other possibility, for example, to cut the attackers with the OS firewall, or with a hardware firewall in front of the server. Accordingly, you will have to put up with this load.
However, if you have Nginx in front of Apache on the hosting, and you have access to its configuration, which happens on some shared hostings, then it will be better to move the filtering there. This will significantly reduce the load.
There is such a solution as Fail2ban
There, various regex filters are configured to evaluate logs.
And depending on the rules, firewall rules are applied.
The simplest and most effective solution is to write some magic string in the UserAgent of your browser (for example, using the User-Agent Switcher for Chrome plugin) and restrict access by UserAgent (see, for example , point 6).
If this doesn't work for some reason, there are other options. Change admin url. Or screw one of those plugins for WP that bans by IP after N unsuccessful attempts to enter the admin area.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question