After the recent global distributed botnet attack on WordPress installations, which took down servers and broke into admin accounts, I thought I’d write a plugin to prevent it from happening again.
A distributed botnet attack comes from many IP addresses and locations at the same time, so conventional per-IP lockouts (such as those found in Wordfence and other WordPress security plugins) do little to stop it.
For example, if 1,000 different computers with unique IP addresses are brute-forcing your admin password and you lock out each IP address after 5 incorrect attempts, you have still allowed 5,000 guesses in total. My plugin essentially ignores the source IP address and locks out all login attempts site-wide in a configurable way: with the default of 5 failed attempts, those 1,000 computers get a total of 5 attempts between them.
You can choose how many login failures cause the lockout, how much time to allow between failures, and how long to block logins for. You can also enter a whitelisted IP address (or several, separated by commas or spaces) that bypasses the lockdown and can always log in, so you can still get into your site in the middle of an attack. Because the lockdown is site-wide rather than per-IP, anyone who can produce five bad passwords can trigger it, so add your own address to the whitelist before you need it; otherwise a lockdown keeps you out as well until it expires. Version 1.1 adds partial IP address matching for those with dynamic IP addresses.
- Any failed login is counted regardless of username or IP address (unless whitelisted)
- Once locked down, nobody can log in except from whitelisted IP addresses
- You can specify the number of login failures that triggers a lockdown
- You can specify how close together failed attempts must be to count towards a lockdown
- You can specify how long the lockdown should last
- You can add whitelisted IP addresses that bypass the lockdown
- Partial IP address matching for dynamically-allocated IP addresses
- Multisite compatible
- Now available in French, German, Italian and Russian
- Activate the plugin through the ‘Plugins’ menu in WordPress
- Navigate to Settings, Botnet Blocker to configure your settings
- How do I configure the plugin?
Navigate to Settings and then Botnet Blocker, change the options and click Update.
- Can I whitelist multiple IP addresses?
Yes, separate them by a space or comma.
- Can I whitelist partial IP addresses?
Yes. Enter only the leading octets that stay fixed, e.g. 1.2 or 1.2.3, and leave out the part that changes; any address beginning with those octets is treated as whitelisted, which covers dynamically-allocated addresses within a fixed range. Keep the entry as long as you can, since whitelisting 1.2 exempts every address in 1.2.0.0/16 from the lockdown.
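The site-wide lockdown described above and the partial-whitelist matching from the last answer, as an added example written for this page; it is not code from the Botnet Attack Blocker plugin itself. It is a minimal stand-alone WordPress plugin: every failed login, from any IP address and for any username, increments one counter stored in the options table; once the counter reaches the limit, with no gap between failures longer than the configured one, a timestamp refuses all logins until the lockdown expires, unless the visitor's address matches a whitelist entry. The option name `gll_lockout_state`, the `gll_` function names, the default settings and the whitelist contents (TEST-NET addresses, constructed for the example) are assumptions; the plugin's real option names and defaults are not shown on this page.

```php
<?php
/*
Plugin Name: Global Login Lockout (example)
Description: Added example for this page; not the Botnet Attack Blocker plugin's own code.
*/

// Assumed option name for the site-wide counter state.
define( 'GLL_OPTION', 'gll_lockout_state' );

// Assumed defaults: 5 failures no more than 5 minutes apart trigger a 1 hour lockdown.
// The whitelist uses TEST-NET addresses (RFC 5737) as constructed sample input.
function gll_settings() {
    return array(
        'max_failures'   => 5,
        'failure_gap'    => 5 * MINUTE_IN_SECONDS,
        'lockout_length' => HOUR_IN_SECONDS,
        'whitelist'      => '203.0.113.10, 198.51.100',
    );
}

// Entries are separated by spaces or commas; a partial entry such as "198.51.100"
// matches any address starting with those octets. The comparison is octet by
// octet, so "1.2" matches 1.2.3.4 but not 1.20.3.4.
function gll_ip_whitelisted( $ip, $whitelist ) {
    $entries   = preg_split( '/[\s,]+/', trim( $whitelist ), -1, PREG_SPLIT_NO_EMPTY );
    $ip_octets = explode( '.', $ip );
    foreach ( $entries as $entry ) {
        $entry_octets = explode( '.', trim( $entry, '.' ) );
        if ( count( $entry_octets ) > count( $ip_octets ) ) {
            continue;
        }
        if ( array_slice( $ip_octets, 0, count( $entry_octets ) ) === $entry_octets ) {
            return true;
        }
    }
    return false;
}

// REMOTE_ADDR only: X-Forwarded-For is client-supplied unless a trusted proxy
// rewrites it, so honouring it would let an attacker claim a whitelisted address.
function gll_client_ip() {
    return isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '0.0.0.0';
}

function gll_default_state() {
    return array( 'failures' => 0, 'last_failure' => 0, 'locked_until' => 0 );
}

// Every failed login counts, whatever the username and wherever it came from.
function gll_record_failure( $username ) {
    $s     = gll_settings();
    $state = array_merge( gll_default_state(), (array) get_option( GLL_OPTION, array() ) );
    $now   = time();

    if ( $now < $state['locked_until'] ) {
        return; // Already locked down; attempts made during the lockdown are refused anyway.
    }
    // A gap longer than the configured one since the last failure restarts the count.
    if ( $now - $state['last_failure'] > $s['failure_gap'] ) {
        $state['failures'] = 0;
    }
    $state['failures']++;
    $state['last_failure'] = $now;

    if ( $state['failures'] >= $s['max_failures'] ) {
        $state['locked_until'] = $now + $s['lockout_length'];
        $state['failures']     = 0;
    }
    update_option( GLL_OPTION, $state );
}
add_action( 'wp_login_failed', 'gll_record_failure' );

// During a lockdown, refuse every login except from a whitelisted address.
// Priority 30 runs after the core username/password check (priority 20), which
// would otherwise discard a WP_Error returned earlier in the filter chain.
function gll_block_during_lockdown( $user, $username, $password ) {
    $state = array_merge( gll_default_state(), (array) get_option( GLL_OPTION, array() ) );
    if ( time() < $state['locked_until'] ) {
        $s = gll_settings();
        if ( ! gll_ip_whitelisted( gll_client_ip(), $s['whitelist'] ) ) {
            return new WP_Error( 'gll_locked', __( 'Logins are temporarily disabled.' ) );
        }
    }
    return $user;
}
add_filter( 'authenticate', 'gll_block_during_lockdown', 30, 3 );

// Remove the stored state on deactivation, as the changelog below describes for the real plugin.
register_deactivation_hook( __FILE__, function () {
    delete_option( GLL_OPTION );
} );
```

Two points are worth checking in any implementation of this idea. The whitelist comparison must work octet by octet: a plain string prefix test for 1.2 would also accept 1.20.3.4, silently widening the exemption. And the client address should come from REMOTE_ADDR alone unless a trusted reverse proxy is known to overwrite the forwarding header, because otherwise an attacker can bypass the lockdown by sending a whitelisted address in X-Forwarded-For. The read-modify-write on the option is not atomic, so a burst of simultaneous failures can be undercounted by a few; the effect is a lockdown that arrives a handful of guesses late, which is acceptable for this purpose but worth knowing.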
“Botnet Attack Blocker” is open source software.
- Bugfix for whitelist errors
- Improve table deletion on deactivation
- Multisite compatible for individual or network activation
- Add 24 hour blocking option
- Remove options and plugin table on deactivation
- Change init hooks to run less often
- Bugfix – fix invalid header on activation.
- Bugfix – unquoted text amended thanks to John Dorner.
- Bugfix – added check for blank whitelist.
- Added French, German and Russian translations (my own, feel free to suggest corrections).
- Added Italian translation thanks to Giacinto (www.iononmollo.it).
- Added translation support.
- Added partial IP whitelist matching (for dynamic IPs).
- Initial release.