[wp-hackers] Detecting the present botnet attacks
doug at smithsrus.com
Fri Jul 12 14:48:33 UTC 2013
You could add another log in layer with basic HTTP authentication to protect your wp-admin directory. Or you could use the Google Authenticator plugin (http://wordpress.org/plugins/google-authenticator/) to give you second factor authentication through a smartphone.
fial2ban is still nice, though, because anything you can stop with it happens at the firewall so WordPress doesn't even see it, which is helpful for both performance and security. If you haven't seen it yet, there is a WP fail2ban plugin (http://wordpress.org/plugins/wp-fail2ban/) that will log WordPress login attempts so they can be used in fail2ban too.
Doug Smith: doug at smithsrus.com
On 11 Jul 2013 22:23:41 +0100, Les Bessant <les at lcb.me.uk> wrote:
> I've been using fail2ban, but I'm still seeing numerous single attempts to log on to my site - and they're not trying for "admin", they're actually targeting the user name that I post with. Getting one attempt at a time from numerous addresses.
> Looks like it's time to go back to using bad behaviour.
> Les Bessant les at lcb.me.uk
> Losing it - http://losingit.me.uk/
> Les Bessant Photography - http://lesbessant-photography.co.uk
More information about the wp-hackers