Few days ago I've created a solution to block wp-login.php bruteforce attacks. After implementing it to the several sites the logs now are filled with a new phenomenon.
Confused hackers, knowing that site is on the wordpress platform, try to find if this wp-login.php file is moved somewhere. And they actually scans all possible combination of paths on the site. Luckily this doesn't affect on the server's resource as hard as bruteforce attack. It's much easier to ...Read more
I'm maintaining a lot of Wordpress based sites. And almost daily there is some brute force attack on one of them. The target of these attacks is wp-login.php file. There is a lot of solutions to protect this file by limiting an access to it using separate password or manually adding allowed IP address. And changing them all the time is not an option for me.
So how I solved this? By automagisation! ;)
Main point is to modify .htaccess file to have access rules ...
Wordpress, Joomla, Blogger, Tumblr are far away from my needs. These platform and services are just full of vanities in mind of simple blogging. I need very very very simple platform without any distractions and with my own domain. None of them provided that. For my travel blog I already use Wordpress platform and I know it almost in and out. I could modify it, but it still too overload for simplicity. You yell, Ghost! I know and I already tested it too. Everything on my server is php based. ...Read more