[wp-hackers] Admin Login Brute Force Attacks (Revisited)

Dion Hulse (dd32) wordpress at dd32.id.au
Fri May 17 15:17:28 UTC 2013


I've done similar stuff in wp-config.php before, a specific bot was hitting
my site rather heavily, so I added a if ( user_agent ) die(); check to the
top of wp-config.php..

I'd just add the same here:
// Top of wp-config.php: stop the request before WordPress loads if the
// posted username starts with 'admin' (the first five characters).
if ( isset( $_POST['log'] ) && 'admin' == substr( $_POST['log'], 0, 5 ) )
	die();
(Assuming the username field is 'log')



On 17 May 2013 10:08, Bryan Spahr <bryanspahr at gmail.com> wrote:

> For performance[*], I would like to be able to reject any login attempt
> where $_POST['log'] begins with 'admin', and to do it at the earliest
> possible moment, to minimize the load on my server.
>
> Is login_form_login a reasonable place for this kind of check?  Or is there
> an earlier hook that would cause less load on the server?
>
> And what is the best way to "die" in this case - exit? die? redirect?
>
>
> Thanks,
> Bryan
>
> [*] This is NOT intended as a security measure.  I have taken all
> necessary and reasonable precautions to prevent someone from breaking in
> to any of the sites I host.  I'm looking to mitigate the resource usage
> caused by bots trying to log in as admin, or adminadmin, or administrator
> which is what I'm seeing and have been seeing for the past few months.
>
>
> > On Wed, Mar 20, 2013 at 6:10 PM, Chip Bennett <chip at chipbennett.net> wrote:
> > > Also: I keep the "admin" account - reduced to the "subscriber" role. It
> > > makes for a great honeypot.
> >
> > Totally unnecessary. I have no "admin" account at all on my site. I
> > get the Limit Login Attempts email 8-12 times a day regardless. All
> > "admin" attempts.
> >
> > -Otto
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
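A fuller version of the early-rejection idea from this thread, written as an added example rather than code posted by anyone on the list. It assumes, like Dion's snippet, that the login form field is named 'log' (which is what wp-login.php uses) and that no legitimate account on the site has a username beginning with "admin". It also answers Bryan's "exit? die? redirect?" question: in PHP exit and die are the same construct, and the cheapest response is a bodiless 403 with no redirect, sent before WordPress has loaded anything.

```php
<?php
// Added example, not from the thread. Intended for the top of wp-config.php,
// which wp-load.php includes before wp-settings.php, so this runs before
// plugins load and before any database connection is opened.
//
// Assumptions: the username field is 'log' (as in wp-login.php) and no real
// account on the site has a username starting with "admin".

/**
 * True when $post is a login-form submission whose username begins with
 * "admin" (case-insensitive, so "Admin" and "ADMINISTRATOR" also match).
 * Kept free of side effects so it can be exercised from a CLI script.
 */
function is_admin_prefixed_login( array $post, string $request_uri ) : bool {
    // Only consider the login endpoint; other POSTs (comments, admin-ajax,
    // REST) can carry arbitrary field names we should not act on.
    if ( false === strpos( $request_uri, 'wp-login.php' ) ) {
        return false;
    }
    if ( ! isset( $post['log'] ) || ! is_string( $post['log'] ) ) {
        return false;
    }
    $user = strtolower( trim( $post['log'] ) );
    return 0 === strpos( $user, 'admin' );
}

/**
 * End the request as cheaply as possible: a 403 with an empty body and no
 * redirect, so the client gets nothing further to follow. One log line per
 * rejection gives you a count to watch without running any of WordPress.
 */
function reject_early( string $remote_addr ) : void {
    error_log( 'early-rejected admin login attempt from ' . $remote_addr );
    http_response_code( 403 );
    header( 'Connection: close' );
    exit;
}

// Guarded so the functions above can be included from a test script.
if ( 'POST' === ( $_SERVER['REQUEST_METHOD'] ?? '' )
     && is_admin_prefixed_login( $_POST, $_SERVER['REQUEST_URI'] ?? '' ) ) {
    reject_early( $_SERVER['REMOTE_ADDR'] ?? '-' );
}
```

Two caveats for anyone copying this. First, the prefix match is deliberately broad, so an account such as "adminbob" would be locked out of the form entirely; check `wp_users` before enabling it. Second, this only sees the HTML login form: credentials sent to xmlrpc.php arrive in the XML request body, not in `$_POST['log']`, so that endpoint needs its own handling (disabling it, or rate-limiting it at the web server) if the same bots start using it.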