Block wordpress login attacks on csf

Date Posted: 30-08-2017

csf is a firewall used to manage firewall rules in an easy way. By default, it blocks incorrect ssh login attempts, failed imap login. In this post, we will explain on how to block wordpress failure login on csf firewall.

Prerequisites:

  1. Centos Server
  2. Webserver
  3. WordPress domain
  4. Csf firewall

Implementation:

Append the below lines on the fileĀ /usr/local/csf/bin/regex.custom.pm

vi /usr/local/csf/bin/regex.custom.pm

if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] "POST \/wp-login\.php.*" 200/)) {
    return ("Failed WordPress login from",$1,"wordpress","5","80,443","3600");
}

Edit or modify the below line on the file /etc/csf/csf.conf.

vi /etc/csf/csf.conf

CUSTOM1_LOG = "/home/*/access-logs/*"

We need to add domain access log location in place of “/home/*/access-logs”

Restart the csf service.

csf -r

 

Leave a Reply