Comments (8 responses)

  1. Rohit says:

    This post is very useful for everyone… It will help me to secure my website's WordPress installation.

  2. Steven C. says:

    I was recently the victim of two attacks. One was a horde of comment spam attempts (65,000 in one day), the other attempting to get at logins.

    http://blog.starcircleacademy.com/2013/05/chinese-robot-attack

    One thing to remember is that anything that is being served by the WordPress PHP code is going to eat CPU. From looking at my logs, about 85% of all of the traffic was hitting one particular old post. Short-circuiting access to that post (via .htaccess) reduced that load a WHOLE lot. Denying access by a lot of Chinese subnets also went a long way to reducing my traffic.

    I’ve even thought it might be fun to make them request data from themselves because in my test most of those comment spammers were following the 301 forwarding links. Let ’em have 127.0.0.1!

    I like the tip you presented about two-factor authentication for wp-login. I think I’d suggest a different approach that would redirect traffic via .htaccess if a specific cookie is not present.

    http://stackoverflow.com/questions/3978726/how-to-do-htaccess-redirect-based-on-cookie-value

  3. Essien says:

    Thanks for the post. I am about to change the admin username now.

  4. John says:

    I have my own blog, and I always worry about security. After reading your post, I want to say thanks to you; it's a really useful article for me. Thanks for sharing with us.

  5. Jad says:

    Really useful article for preventing brute force attacks on WordPress sites.

  6. Lauren says:

    I applied the htaccess trick and changed the admin login. Thanks.

  7. Saanvi says:

    Thanks! This is probably the most useful post I’ve read on securing against brute force attack. I guess I know who I’m going to start following.
