Few days ago I've created a solution to block wp-login.php bruteforce attacks. After implementing it to the several sites the logs now are filled with a new phenomenon.
Confused hackers, knowing that site is on the wordpress platform, try to find if this wp-login.php file is moved somewhere. And they actually scans all possible combination of paths on the site. Luckily this doesn't affect on the server's resource as hard as bruteforce attack. It's much easier to ...Read more
I'm maintaining a lot of Wordpress based sites. And almost daily there is some brute force attack on one of them. The target of these attacks is wp-login.php file. There is a lot of solutions to protect this file by limiting an access to it using separate password or manually adding allowed IP address. And changing them all the time is not an option for me.
So how I solved this? By automagisation! ;)
Main point is to modify .htaccess file to have access rules ...