Block wp-login.php based on country through mod_security
Block wp-login.php based on country through mod_security
Date Posted: 17-02-2018
WordPress is popular CMS which receives large number of DDOS login attempts generally. As a system administrator or site owner, if we dont feel that the traffic is not genuine from some other country, we can restrict wp-login.php only from certain countries.
In this post we will explain on how to block wp-login.php access from other country except India.
Assumption:
- Mod Security already installed. If you have cPanel then in WHM itself, you will have an option to add Mod_security rule.
- Server SSH details.
Implementation:
1. Open the domain configuration file. By default, the location will be /etc/apache2/sites-enabled/default
vi /etc/apache2/sites-enabled/default
2. Append the below mentioned code
<IfModule mod_security2.c>
SecRule REQUEST_URI "wp-login.php" "chain,id:2018,log,msg:'Blocking %{geo.country_code}' - Suggested by PheonixSolutions.com"
SecRule REMOTE_ADDR "@geoLookup" "chain"
SecRule GEO:COUNTRY_CODE "@streq IN"
</IfModule>
Where,
Secrule – Mod security rule
Request_URI – URL which the rules applies to
chain – It indicates that there will be continuation of rule to the next line.
id – Unique Mod_security reference ID
log- It tells apache to log the message
msg – Message should be logged on the log
GEO:COUNTRY_CODE – Country code
streq – String Equal to
IN – India. If we want to allow from other country then mention TWO digit code of the respective country
3. Check the syntax error
apachectl -t
4. Restart the apache server.
service apache2 restart
Now, if any user access wp-login.php from India, they will see the login page. If the user access wp-login.php then they will get “406 : Not acceptable “ page.
