Channel: BulletProof Security Forum » All Posts

Reply To: Protect Login Page from Brute Force Login Attacks


If the Bonus Brute Force code does not work on your server and you have root access,
a VPS or your own server, you could try the following 3 alternate ways.

1) VARNISH CACHE Brute Force Protection: http://forum.ait-pro.com/forums/topic/varnish-cache-login-page-protection-brute-force-protection/

2) MOD SECURITY Brute Force Protection:

I personally use the Free Comodo WAF rules and they have several brute-force protection rules.

But you can add a “custom rule” such as below:

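## block wordpress login attempts
# phase and deny are set explicitly so the chain blocks even if SecDefaultAction only logs
SecRule REQUEST_URI "wp-login\.php" "id:'100',phase:1,deny,status:403,chain,severity:'3',msg:'Bad url - wp-login.php'"
SecRule REMOTE_ADDR "!@ipMatch xxx.xxx.xxx.xxx"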

Replace xxx.xxx.xxx.xxx with your IP.

3) SERVER CONFIG Brute Force Block for wp-login in httpd.conf (PLEASE back up the file before you crash your server).
This METHOD is only for experienced users. I am warning you.

Edit /usr/local/apache/conf/httpd.conf and add the following near the other <Files></Files> lines:

Code A

<Files ~ "^wp-login\.php">
Order allow,deny
Deny from all
Satisfy All
</Files>
ErrorDocument 403 "Not acceptable"

Restart Apache.
To gain access again, comment it out (# in front of the lines) and restart Apache.

Code B
httpd.conf code to try.

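<FilesMatch "wp-login\.php">
# Deny,Allow: Deny is evaluated first and Allow last, so the whitelisted IP
# overrides "Deny from all". With Allow,Deny the Deny line would block every IP.
Order Deny,Allow
Deny from all
Allow from xxx.xxx.xxx.xxx
</FilesMatch>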

xxx.xxx.xxx.xxx is your IP to whitelist.

Good luck..

  • This reply was modified 1 hour, 11 minutes ago by  rafaelmagic.
  • This reply was modified 57 minutes ago by  AITpro Admin.
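
How Apache evaluates `Order`, `Allow` and `Deny` for a whitelist block like Code B, as an added example that is not part of the original reply: a small Python model of the documented 2.2-style (mod_access_compat) evaluation order, showing that under `Order Allow,Deny` a `Deny from all` overrides the `Allow` line, while `Order Deny,Allow` lets the whitelisted IP through. The function names and the two sample addresses are constructed for illustration.

```python
import ipaddress

def _matches(spec, client):
    """True if a client address matches one Allow/Deny 'from' value."""
    if spec.lower() == "all":
        return True
    # Only full addresses and CIDR ranges are modelled here (no partial IPs or hostnames).
    return ipaddress.ip_address(client) in ipaddress.ip_network(spec, strict=False)

def access_allowed(order, allow, deny, client):
    """Model of Apache 2.2-style Order/Allow/Deny evaluation.

    order: "Allow,Deny" or "Deny,Allow"; allow/deny: lists of 'from' values.
    """
    allowed = any(_matches(s, client) for s in allow)
    denied = any(_matches(s, client) for s in deny)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":
        # Allow is evaluated first, Deny last: a Deny match wins,
        # and a request matching nothing is denied by default.
        return allowed and not denied
    if order == "deny,allow":
        # Deny is evaluated first, Allow last: an Allow match wins,
        # and a request matching nothing is allowed by default.
        return allowed or not denied
    raise ValueError("unsupported Order: %r" % order)

# Constructed sample addresses (documentation ranges), not from the post.
ADMIN_IP = "203.0.113.10"
OTHER_IP = "198.51.100.7"

def check(order):
    """Evaluate a whitelist block: Allow from ADMIN_IP, Deny from all."""
    rules = dict(order=order, allow=[ADMIN_IP], deny=["all"])
    return {ip: access_allowed(client=ip, **rules) for ip in (ADMIN_IP, OTHER_IP)}

if __name__ == "__main__":
    for order in ("Allow,Deny", "Deny,Allow"):
        print(order, check(order))
```
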
