Protect wp-login and xmlrpc

Linux security. A method of protecting your WordPress server against ‘brute force’ attacks.

‘Brute force’ attacks on your administration access files waste your server’s resources and eat into your bandwidth. Without a firewall blocking the traffic your bandwidth cannot be protected; your server’s resources, however, can. Your Apache (or equivalent web-server) logfiles are telling you that the repeated WordPress ‘wp-login.php’ password guesses will one day hit the right one, and in they get. If you are using Apache, insert the following code into your root level (/) ‘.htaccess’ file to prevent access at this point of entry.

# Re-route wp-login.php and wp-admin requests from non-server IP addresses.
# Requires mod_rewrite with RewriteEngine On (already present in a standard WordPress .htaccess).
# Note: ^(.*)?wp-admin$ only matches a URI ending in exactly "wp-admin"; /wp-admin/ and files
# beneath it (such as admin-ajax.php, which logged-out visitors may need) are not covered.
# Dots in the IP addresses are escaped so each pattern matches only that exact address.
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^192\.168\.22\.175$
RewriteCond %{REMOTE_ADDR} !^123\.111\.11\.125$
RewriteCond %{REMOTE_ADDR} !^111\.111\.11\.1$
# Leading slash so the 302 always points at the site root rather than a per-directory prefix.
RewriteRule ^(.*)$ /naughty.html [L,R]

Above, we are saying that any access to wp-login.php or wp-admin from an IP address that ‘is not’ 192.168.22.175, 123.111.11.125 or 111.111.11.1 is redirected (302) to a file named ‘naughty.html’.
‘naughty.html’ contains wording and/or a picture showing your dislike of this type of behaviour. Of course you could just present them with a 401 error, but that doesn’t give you the same little bit of pleasure.

WordPress hackers also look for vulnerabilities with the ‘xmlrpc.php’ file.

I strongly advise that this file is also protected from being accessed by any IP address other than those you need, i.e. the server IP address and all ‘apps’ that require ‘xmlrpc.php’, such as Jetpack, whose current IP range in CIDR format is ‘192.0.64.0/18’.

# Re-route xmlrpc.php requests from non-server IP addresses, except Jetpack.
# The "expr" condition with -R needs Apache 2.4 or later; -R tests REMOTE_ADDR against a CIDR range.
RewriteCond %{REQUEST_URI} ^(.*)?xmlrpc\.php(.*)$
RewriteCond expr "! -R '192.0.64.0/18'"
RewriteCond %{REMOTE_ADDR} !^123\.111\.11\.125$
RewriteRule ^(.*)$ /naughty2.html [L,R]

Again, all IP addresses not listed in the RewriteCond lines above are redirected to ‘naughty2.html’, which contains whatever you want it to.

The RewriteCond expr "! -R '192.0.64.0/18'" syntax requires Apache 2.4 or later.
Never mix the newer Apache (2.4 and later) directives with those of previous releases. As the Apache documentation states: mixing old directives like Order, Allow or Deny with new ones like Require is technically possible but discouraged.
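Before deploying the two rule blocks, it helps to dry-run their logic against your own access log to see which requests they would redirect. The script below is an added example, not from the original post: it reproduces the page’s conditions (the [OR] grouping, the three admin IPs, the single xmlrpc IP and the Jetpack CIDR range) in Python and applies them to constructed Apache combined-format log lines.

```python
import ipaddress
import re
from collections import Counter

# Allow-lists copied from the two rule blocks on the page.
LOGIN_ALLOW = {"192.168.22.175", "123.111.11.125", "111.111.11.1"}
XMLRPC_ALLOW_IPS = {"123.111.11.125"}
XMLRPC_ALLOW_NETS = [ipaddress.ip_network("192.0.64.0/18")]  # Jetpack range

# Apache combined-log prefix: client IP, identd, user, [timestamp], "METHOD path ..."
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(?P<method>[A-Z]+) (?P<path>\S+)')

# Same tests the RewriteCond lines express (wp-admin$ matches only an exact "wp-admin" ending).
LOGIN_PATH = re.compile(r"wp-login\.php|wp-admin$")
XMLRPC_PATH = re.compile(r"xmlrpc\.php")

def would_redirect(ip, path):
    """Return the redirect target the rules would send this request to, or None if allowed."""
    uri = path.split("?", 1)[0]            # %{REQUEST_URI} excludes the query string
    if LOGIN_PATH.search(uri) and ip not in LOGIN_ALLOW:
        return "naughty.html"
    if XMLRPC_PATH.search(uri):
        addr = ipaddress.ip_address(ip)
        if ip in XMLRPC_ALLOW_IPS or any(addr in net for net in XMLRPC_ALLOW_NETS):
            return None
        return "naughty2.html"
    return None

def dry_run(log_lines):
    """Count, per (client IP, target), how many requests each rule block would redirect."""
    redirected = Counter()
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue                        # skip lines that are not in combined format
        target = would_redirect(m.group(1), m.group("path"))
        if target:
            redirected[(m.group(1), target)] += 1
    return redirected

# Constructed sample log lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    '203.0.113.9 - - [01/Jan/2024:10:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 1500',
    '203.0.113.9 - - [01/Jan/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 1500',
    '192.168.22.175 - - [01/Jan/2024:10:00:02 +0000] "GET /wp-admin HTTP/1.1" 302 0',
    '198.51.100.7 - - [01/Jan/2024:10:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 400',
    '192.0.80.20 - - [01/Jan/2024:10:00:04 +0000] "POST /xmlrpc.php HTTP/1.1" 200 400',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 9000',
]
```

Calling dry_run(SAMPLE_LOG) reports 203.0.113.9 redirected twice to naughty.html and 198.51.100.7 once to naughty2.html, while 192.0.80.20 passes as a Jetpack address; feed it your real log to check that nothing you rely on would be cut off.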
