[wp-hackers] Detecting the present botnet attacks

Jeff Morris wp-hackers at zipsbazaar.co.uk
Thu Jul 11 06:14:28 UTC 2013

On 10/07/2013 14:37, Nikola Nikolov wrote:
> This plugin will wp_die() (you can probably switch to just die() ) with
> status 500 displaying just the "Unauthorized login" message unless you're
> visiting the proper URL
I have a couple of problems with that response.

First, a real HTTP 500 code indicates a fatal internal server error that 
could result from anything, such as a typo in your .htaccess. In your 
case no such error has occurred, so the 500 code is at best untrue.

Second, the 'Unauthorized login' message upon wp_die() or die() (which I 
presume will be read and understood by someone attempting a hands-on 
unauthorized login) has an adversarial twang to it that might just 
antagonize the scriddies out there.

If you're choosing to deny access to a service for whatever reason, it 
might make sense to terminate with an HTTP 503 Service Unavailable, and 
the message 'Sorry, this service is unavailable.'

It's honest and it's innocuous, but like any 'solution' it still won't 
stop them knocking at the door.

More information about the wp-hackers mailing list