Contents

Block WordPress Attackers

Block WordPress Attackers
Block WordPress Attackers

Install CSF first

Use the following commands to install CSF.
 $ cd /usr/src
 $ rm -fv csf.tgz
 $ wget https://download.configserver.com/csf.tgz
 $ tar -xzf csf.tgz cd csf
 $ sh install.sh

Edit the files ‘/etc/csf/csf.conf’ in the first few lines. The testing is enabled by setting to ‘1’; set it to ‘0’ and save the file. After this, enter the below command. CSF restart.
$ csf -r

Block attackers with CSF.

With CSF installed, you can use the following script to block wordpress attackers. This script will read the logs every few minutes depending on how you setup your cron job to run, the script will look for attackers that attempt brute force on one of the following php files on your wordpress site: ‘wp-login.php’ or ‘xmlrpc.php’.

Create a Cron job running this script.

Bash script for cron WHM/cPanel.
#!/bin/bash

###start editing
thold="100"
btime="359m"
###stop editing

egrep 'wp-login.php' /usr/local/apache/domlogs/* | grep -v ftp_log | awk -F : '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n | awk -v limit="$thold" '$1 > limit{print $2}' > $$_ip_$$

while IFS= read -r line
 do
 /usr/sbin/csf -td "$line" "$btime" "banned for wordpress attack"
 done < $$_ip_$$
rm -f $$_ip_$$
Give the script execute permission.
$ chmod +x wplogin.sh
Insert this into crontab and have it executed automatically every 5 minutes.
0 */5 * * * /path_to_script/wplogin/wplogin.sh
Updated on 14 Jul 2017
Tagged:
0 Comments
Add a comment
Login for Comment