Quantcast
Channel: BulletProof Security Forum » All Posts
Viewing all articles
Browse latest Browse all 12488

Reply To: Protect Login Page from Brute Force Login Attacks

$
0
0

[Topic manually moved to this relevant Topic]

Hello,

I have problems with code:

# BRUTE FORCE LOGIN PAGE PROTECTION
# Protects the Login page from SpamBots, HackerBots & Proxies
# that use Server Protocol HTTP/1.0 or a blank User Agent
RewriteCond %{REQUEST_URI} ^(/wp-login\.php|.*wp-login\.php.*)$
RewriteCond %{HTTP_USER_AGENT} ^$ [OR]
RewriteCond %{THE_REQUEST} HTTP/1\.0$ [OR]
RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$
RewriteRule ^(.*)$ - [F,L]

This code block me from WP login page access. I receive 403 error. I’m using ServerPilot and DigitalOcean VPS and I contacted ServerPilot support and they said this: It won’t work to block HTTP/1.0 requests. So, you should replace these three lines:

RewriteCond %{HTTP_USER_AGENT} ^$ [OR] 
RewriteCond %{THE_REQUEST} HTTP/1\.0$ [OR] 
RewriteCond %{SERVER_PROTOCOL} HTTP/1\.0$

with this one line:

RewriteCond %{HTTP_USER_AGENT} ^$

What do you think? Is it ok to replace this three lines with this one?

  • This reply was modified 8 hours, 19 minutes ago by  AITpro Admin.

Viewing all articles
Browse latest Browse all 12488

Trending Articles