CSF help for WordPress /wp-login.php and /xmlrpc.php DDOS
Posted: 07 Jun 2017, 03:36
Does anyone have a working set of rules they use with CSF to help reduce impact from repeated login attempts on WordPress?
These attempts take place with /xmlrpc.php (multiple attempts in one post) and /wp-login.php (single attempt). Often one IP will try many, many times (e.g. yesterday, 3000 in 2 days).
It would help a lot if CSF was able to auto-block them with some built-in solution; far more robust than putting in our own home-grown rules. This is fairly significant and can affect server performance tremendously. We'd obviously want some form of rate detection and then subsequent blocking. If it eventually worked for Joomla as well that would be amazing.
Is there a way to trigger an existing ruleset by modifying WordPress's behaviour for a failed login? That would be a nice interim measure, although the absolute magic lies in blocking multiple attempts from the default failed login behaviour.
Brian