1. Home
  2. CMS
  3. WordPress
  4. How To Block WordPress Attackers

How To Block WordPress Attackers

Block WordPress Attackers
Block WordPress Attackers

Install CSF first

Use the following commands to install CSF.

 $ cd /usr/src
 $ rm -fv csf.tgz
 $ wget https://download.configserver.com/csf.tgz
 $ tar -xzf csf.tgz cd csf
 $ sh install.sh

Edit the files ‘/etc/csf/csf.conf’ in the first few lines. The testing is enabled by setting to ‘1’; set it to ‘0’ and save the file.
After this, enter the below command.
CSF restart.

$ csf -r

Block attackers with CSF.

With CSF installed, you can use the following script to block wordpress attackers.
This script will read the logs every few minutes depending on how you setup your cron job to run, the script will look for attackers that attempt brute force on one of the following php files on your wordpress site: ‘wp-login.php’ or ‘xmlrpc.php’.

Create a Cron job running this script.

Bash script for cron WHM/cPanel.

###start editing
###stop editing
egrep 'wp-login.php' /usr/local/apache/domlogs/* | grep -v ftp_log | awk -F : '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n | awk -v limit="$thold" '$1 > limit{print $2}' > $$_ip_$$
while IFS= read -r line
 /usr/sbin/csf -td "$line" "$btime" "banned for wordpress attack"
 done < $$_ip_$$
rm -f $$_ip_$$

Give the script execute permission.

$ chmod +x wplogin.sh

Insert this into crontab and have it executed automatically every 5 minutes.

0 */5 * * * /path_to_script/wplogin/wplogin.sh
Updated on December 23, 2018

Was this article helpful?

Related Articles

Leave a Comment

[apsl-login-lite login_text='Please login with a social account']