Iptable to block wp-attack to wp-login.php
If you check the load and find so many wp-login.php connections, there is a wordpress attack. This can be checked by the running processes using the command,
top -cd1, and if you find there are so many process, you can block wp-login.php globally using.
iptables -I INPUT -p tcp --dport 80 -m string --string "wp-login.php" --algo bm -j DROP
Go to the Virtualhost section of the domain and add the following under the virtual section.
<Files wp-login.php>
Order Deny,Allow
Deny from All
Allow from <IP>
</Files>
Here IP is the public IP from which access is required.
Do
apachectl configtest
/etc/init.d/httpd graceful
If the wp-login.php is accessed from IP other than public IP, it will show as forbidden.
If you check the load and find so many wp-login.php connections, there is a wordpress attack. This can be checked by the running processes using the command,
top -cd1, and if you find there are so many process, you can block wp-login.php globally using.
iptables -I INPUT -p tcp --dport 80 -m string --string "wp-login.php" --algo bm -j DROP
Go to the Virtualhost section of the domain and add the following under the virtual section.
<Files wp-login.php>
Order Deny,Allow
Deny from All
Allow from <IP>
</Files>
Here IP is the public IP from which access is required.
Do
apachectl configtest
/etc/init.d/httpd graceful
If the wp-login.php is accessed from IP other than public IP, it will show as forbidden.