Block WordPress Attackers


Install CSF first

Use the following commands to install CSF.
 $ cd /usr/src
 $ rm -fv csf.tgz
 $ wget
 $ tar -xzf csf.tgz
 $ cd csf
 $ sh

Edit the file ‘/etc/csf/csf.conf’. In its first few lines, testing mode is enabled by being set to ‘1’; set it to ‘0’ and save the file. Then restart CSF with the command below.
$ csf -r

Block attackers with CSF.

With CSF installed, you can use the following script to block WordPress attackers. The script reads the logs every few minutes, depending on how you set up your cron job, and looks for attackers attempting a brute-force attack against either of the following PHP files on your WordPress site: ‘wp-login.php’ or ‘xmlrpc.php’.

Create a Cron job running this script.

Bash script for cron WHM/cPanel.

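#!/bin/bash
###start editing
thold=10     # requests per IP in the logs before a ban (example value, adjust)
btime=3600   # temporary ban length in seconds (example value, adjust)
###stop editing

# Count requests per IP for wp-login.php and xmlrpc.php across all domain logs
# and write the IPs that exceed the threshold to a temporary file.
egrep 'wp-login\.php|xmlrpc\.php' /usr/local/apache/domlogs/* | grep -v ftp_log | awk -F : '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n | awk -v limit="$thold" '$1 > limit{print $2}' > $$_ip_$$

# Temporarily deny each offending IP in CSF.
while IFS= read -r line
do
 /usr/sbin/csf -td "$line" "$btime" "banned for wordpress attack"
done < $$_ip_$$
rm -f $$_ip_$$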

Give the script execute permission.
$ chmod +x
Insert this into crontab to have it executed automatically every 5 minutes.
*/5 * * * * /path_to_script/wplogin/
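
Before the cron job goes live, the counting logic can be checked against sample log lines without touching the firewall. The block below is an added example, not part of the original script: the helper names `wp_offenders` and `sample_log`, the threshold and ban time, and the log lines are constructed for illustration, and it assumes Apache combined log format. It goes beyond the script above by counting only POST requests and by discarding any client field that is not an IPv4 address before it could reach `csf`.

```shell
#!/bin/bash
# Added example (not the page's script): dry run of the per-IP counting logic.
# wp_offenders and sample_log are hypothetical helpers; all log lines are constructed.

# Read combined-format log lines on stdin and print, sorted, every IP with
# more than $1 POST requests to wp-login.php or xmlrpc.php.
wp_offenders() {
    awk -v limit="$1" '
        # Fields: $1 = client, $6 = opening quote plus method, $7 = request path
        $6 == "\"POST" && $7 ~ /\/(wp-login|xmlrpc)\.php([?]|$)/ {
            # Keep only IPv4-looking clients so nothing else is passed to csf.
            if ($1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) hits[$1]++
        }
        END { for (ip in hits) if (hits[ip] > limit) print ip }
    ' | sort
}

# Constructed sample input using documentation address ranges.
sample_log() {
    ts='[14/Jul/2017:10:00:00 +0000]'
    for i in 1 2 3 4; do
        echo "203.0.113.7 - - $ts \"POST /wp-login.php HTTP/1.1\" 200 1500 \"-\" \"-\""
        echo "not-an-ip;x - - $ts \"POST /wp-login.php HTTP/1.1\" 200 1500 \"-\" \"-\""
    done
    for i in 1 2 3; do
        echo "198.51.100.9 - - $ts \"POST /blog/xmlrpc.php HTTP/1.1\" 200 400 \"-\" \"-\""
    done
    # A normal visitor: one page load (GET) and one login (POST).
    echo "192.0.2.4 - - $ts \"GET /wp-login.php HTTP/1.1\" 200 1500 \"-\" \"-\""
    echo "192.0.2.4 - - $ts \"POST /wp-login.php HTTP/1.1\" 302 0 \"-\" \"-\""
}

# Dry run: show the csf commands that would be issued, without running them.
thold=3      # example threshold
btime=3600   # example ban time in seconds
sample_log | wp_offenders "$thold" | while IFS= read -r ip; do
    echo "would run: /usr/sbin/csf -td $ip $btime \"banned for wordpress attack\""
done
```

To try it on real data, pipe one domain log into `wp_offenders` with the threshold you plan to use and review the list before enabling the cron job.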
Updated on 14 Jul 2017