Pages

Saturday, 28 November 2020

Brute Force wp Login Prevention

 Assists in preventing common brute force wp login attempts by modifying the default login URL for WordPress.

Brute Force Login Prevention isn't as much a security measure as it is a stop this brute force bot from swamping my server, please measure.

By preventing access to the default wp-admin/ and wp-login.php URLs used by WordPress during the login process, you can quickly get a bot to go elsewhere to look for prey. Combine this with username other than admin and a secure password and things are looking pretty good.

To Setup

  1. Include the contents of brute-force-login-prevention.conf in your site's Nginx configuration. This can be done with some careful copy/paste or with the Nginx include directive.
  2. Put brute-force-login-prevention.php in the wp-content/mu-plugins/ directory of your WordPress installation.
  3. Restart Nginx.

from https://github.com/10up/Brute-Force-Login-Prevention

No comments:

Post a Comment