Assists in preventing common brute force wp login attempts by modifying the default login URL for WordPress.
Brute Force Login Prevention isn't as much a security measure as it is a stop this brute force bot from swamping my server, please measure.
By preventing access to the default wp-admin/
and wp-login.php
URLs used by WordPress during the login process, you can quickly get a bot to go elsewhere to look for prey. Combine this with username other than admin
and a secure password and things are looking pretty good.
To Setup
- Include the contents of
brute-force-login-prevention.conf
in your site's Nginx configuration. This can be done with some careful copy/paste or with the Nginx include directive. - Put
brute-force-login-prevention.php
in thewp-content/mu-plugins/
directory of your WordPress installation. - Restart Nginx.
No comments:
Post a Comment