[wp-hackers] Admin Login Brute Force Attacks (Revisited)

Daniel danielx386 at gmail.com
Sun May 19 23:46:47 UTC 2013


Why would you do an IP based check on PHP? Isn't that a waste of CPU?


On Mon, May 20, 2013 at 9:43 AM, Marko Heijnen <mailing at markoheijnen.nl> wrote:

> For my site I use a PHP-based IP check and block some IP addresses for
> wp-login.php and xmlrpc.php with Nginx rules.
> A lot of people always forget that XML-RPC is also a way to retrieve
> passwords. Do say not used a lot but I would personally use that one.
>
>
> On 20 May 2013, at 01:35, Daniel <danielx386 at gmail.com> wrote:
>
> > Or you could just set it (as long as you are the only person who needs to
> > log in and you got a static IP address) so that only 1 IP address can get
> > to that file.
> >
> >
> >
> > On Mon, May 20, 2013 at 9:32 AM, Andrew Ozz <admin at laptoptips.ca> wrote:
> >
> >> Another good prevention measure is to set a simple htaccess password (or
> >> equivalent) only for wp-login.php. Yeah, the users will have to enter two
> >> passwords when logging in (heh, pseudo 2-step authorization?), but the bots
> >> only hit Apache not getting to PHP at all. Works on most shared hosting and
> >> reduces server load.
> >>
> >> AuthType Basic
> >> AuthName "[whatever]"
> >> AuthUserFile "/path/to/.htpwd"
> >> <Files "wp-login.php">
> >> require valid-user
> >> </Files>
> >>
> >>
> >>
> >> _______________________________________________
> >> wp-hackers mailing list
> >> wp-hackers at lists.automattic.com
> >> http://lists.automattic.com/mailman/listinfo/wp-hackers
> >>
>
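
The web-server-level restriction discussed in this thread, sketched for Nginx as an added example (not configuration posted by anyone on the list). It combines the single-static-IP idea with the extra-password idea through `satisfy any`. The address 203.0.113.10, the host name, the document root, the PHP-FPM socket path and the password file path are all assumed placeholders.

```nginx
# Added example; every address and path below is an assumed placeholder.
server {
    listen 80;
    server_name example.com;
    root /var/www/wordpress;
    index index.php;

    # An exact-match location takes priority over the regex PHP location
    # further down, so it must pass the request to PHP itself. Without the
    # fastcgi lines Nginx would serve wp-login.php as a static file.
    location = /wp-login.php {
        satisfy any;                    # pass if EITHER check below succeeds
        allow 203.0.113.10;             # the admin's static address
        deny  all;
        auth_basic "Restricted";        # other clients need the extra password
        auth_basic_user_file /etc/nginx/.htpasswd;

        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;
    }

    # XML-RPC accepts credentials too, so it gets the same treatment.
    # IP allow-list only here: rejected requests get a 403 from Nginx
    # and never start a PHP process.
    location = /xmlrpc.php {
        allow 203.0.113.10;
        deny  all;

        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;
    }

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Regular PHP handling for everything else.
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;
    }
}
```

Check the result with `nginx -t` before reloading, then confirm from an address outside the allow-list that `/xmlrpc.php` returns 403 and `/wp-login.php` returns 401.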

