On 25 Jul 2014, at 07:53, Ben Chad <ben(a)benchbyte.co.uk> wrote:
On 25 Jul 2014, at 01:10, Ian <ian(a)lovingboth.com> wrote:
See the wiki article on WordPress and use a fail2ban jail that looks for
any access to wp-login.php and bans the IP address for more than a
handful of accesses in a few minutes. If it's only legitimately accessed
from known whitelisted addresses, you can set it to ban on a single access.
I think that is the next step, yes.
What a fantastic piece of software! It’s extremely simple to set up, yet very effective.
It’s solved my woes :)
I went for the whitelist/aggressive ban approach, and it’s working a charm. (I did need to
write my own filter to ban folk who tried to access files from invalid IP addresses.)
I’d been hoping to try it for a while, but had just never gotten around to it. If you’re
thinking the same, it doesn’t take very long at all.
On the other hand, I was surprised to see that by default WordPress likes the idea of
running cron on every page access. This would have been contributing to my bother. I think
that was a bad design decision, and I’ve got that sorted out as well.
B
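
The two ban policies discussed in this thread (rate-limited, and whitelist plus ban on a single access), modelled as an added Python example that is not part of the original emails and is not fail2ban's own code. The parameters are named after fail2ban's `maxretry` and `findtime` jail settings; the log lines, IP addresses and the combined-log regex are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Combined-format access log line requesting wp-login.php (assumes client IPs are logged).
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?:GET|POST) /wp-login\.php[?\s][^"]*" ')

def find_bans(lines, maxretry, findtime_s, whitelist=()):
    """Return {ip: time of ban} for hosts with >= maxretry hits inside findtime_s seconds."""
    nets = [ip_network(n) for n in whitelist]
    window = timedelta(seconds=findtime_s)
    hits, bans = defaultdict(deque), {}
    for line in lines:  # lines must be in chronological order, as in a log file
        m = LINE_RE.match(line)
        if not m:
            continue
        ip = ip_address(m["host"])
        if str(ip) in bans or any(ip in n for n in nets):
            continue  # already banned, or a whitelisted address
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = hits[ip]
        q.append(ts)
        while ts - q[0] > window:  # forget hits older than the window
            q.popleft()
        if len(q) >= maxretry:
            bans[str(ip)] = ts
    return bans

def _line(ip, hms, req):
    # Builds one constructed log line; not taken from any real server.
    return f'{ip} - - [25/Jul/2014:{hms} +0100] "{req} HTTP/1.1" 200 512 "-" "-"'

SAMPLE = [
    _line("203.0.113.7", "01:00:00", "POST /wp-login.php"),
    _line("198.51.100.9", "01:00:05", "GET /wp-login.php"),
    _line("192.0.2.10", "01:00:10", "POST /wp-login.php"),
    _line("203.0.113.7", "01:00:20", "POST /wp-login.php"),
    _line("203.0.113.7", "01:00:30", "GET /index.php"),
    _line("203.0.113.7", "01:00:40", "POST /wp-login.php"),
    _line("198.51.100.9", "01:20:00", "GET /wp-login.php"),
]

if __name__ == "__main__":
    print("rate-limited:", find_bans(SAMPLE, maxretry=3, findtime_s=300))
    print("whitelist + single access:", find_bans(SAMPLE, 1, 300, ["192.0.2.0/24"]))
```

Replaying a real access log through the same function before enabling a jail shows which addresses a given threshold would have banned, including any legitimate ones missing from the whitelist.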