We are getting bruteforce attacked on our sites and I am afraid to ban the IP's as they may be rotating IP's or legitimate users at some point in there life span.
I would like to block all unknown bots from accessing my site. Specifically my /wp-login.php file.
I have spent hours trying to find the code to do this. I am open to suggestions of course. But is there anyway to ban the unknown bots but not ban google and such?
I have captcha setup on my login form and limiting login attempts to 3 fails then lockout for 36 hours then 2 more fails and lockout for 96 hours. This however is not slowing down the attacks and they seem to have an endless pool of IP's to choose from.
<strong>What I ended up doing on top of generally tightening WP security is locking access to wp-login.php and wp-admin folder.
Very easy and quick setup guide here <a href="http://support.hostgator.com/articl.../wordpress/wordpress-login-brute-force-attack" rel="nofollow">http://support.hostgator.com/articl.../wordpress/wordpress-login-brute-force-attack</a> for the wp-login.php file
Locking a folder can be done easily in any Cpanel or plesk.</strong>
I would like to block all unknown bots from accessing my site. Specifically my /wp-login.php file.
I have spent hours trying to find the code to do this. I am open to suggestions of course. But is there anyway to ban the unknown bots but not ban google and such?
I have captcha setup on my login form and limiting login attempts to 3 fails then lockout for 36 hours then 2 more fails and lockout for 96 hours. This however is not slowing down the attacks and they seem to have an endless pool of IP's to choose from.
<strong>What I ended up doing on top of generally tightening WP security is locking access to wp-login.php and wp-admin folder.
Very easy and quick setup guide here <a href="http://support.hostgator.com/articl.../wordpress/wordpress-login-brute-force-attack" rel="nofollow">http://support.hostgator.com/articl.../wordpress/wordpress-login-brute-force-attack</a> for the wp-login.php file
Locking a folder can be done easily in any Cpanel or plesk.</strong>