It just happened again…. Here is what it JUST did to my htaccess file. See how it rewrites to my htaccess file, but doesn’t finish it:
# Use PHP5 Single php.ini as default
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
index.php [L]
</IfModule>
# END WordPress
Redirect /category/experts/ /the-preferred-list/
Redirect /category/real-estate/ /real-estate/
# BEGIN Brute Force Login Protection
#<Files "*">
Note: It STARTS the brute force login protection … but never ends the tag.
Hi,
Thanks for your post.
Someone else had the same problem. It has something to do with the way php writes to a file. But I haven’t found out how to solve it yet.
This problem has a high priority for me to fix. Till then I’m afraid you can’t use the plugin.
I will try to fix the problem within a week.
JP
Thanks. Please let me know when this is fixed. We had some brute force attacks in the past, and are trying to protect ourselves as much as we can – your plugin is definitely needed!
So… after ‘X’ number of failed logins, it should simply write or add that IP address to the .htaccess file.
…and, of course, that’s all 🙂 Everything else in the .htaccess file should be the same ~ 301s / compressions / hotlink protections / ….
In other words, if I’m getting sucuri alerts and / or checking the log files and finding tons of IPs attacking via brute force, this plugin should simply ‘ADD’ those IPs to the .htaccess file if there are more than ‘X’ number of failed logins.
Hi Brad,
Thanks for your post.
That is essentially what the plugin does at this version (1.4.1). The problem with this approach is that it often takes place while the server is under most pressure. And eventually the server would fail to finish writing due to lack of resources which results in a corrupted htaccess file.
So I’m searching for a solution to avoid direct manipulation of the .htaccess file (e.g. with a temp file).
JP
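The temp-file approach mentioned in the post above, sketched as an added example (not the plugin's code, and not taken from the dev version): the new .htaccess is built completely in a sibling file and swapped in with one rename, so a write that dies half-way never touches the live file. The function name `bflp_write_block`, the `.lock` and `.tmp.<pid>` file names, and the `deny from` syntax (Apache 2.2 style, needs mod_access_compat on 2.4) are assumptions; the thread does not show which directives the plugin emits.

```php
<?php
// Added example: function name, constants and "deny from" syntax are assumptions.
const BFLP_BEGIN = '# BEGIN Brute Force Login Protection';
const BFLP_END   = '# END Brute Force Login Protection';

function bflp_write_block(string $htaccess, array $ips): bool
{
    // A flood of failed logins can trigger several updates at once,
    // so serialise the read-modify-write across PHP workers.
    $lock = fopen($htaccess . '.lock', 'c');
    if ($lock === false || !flock($lock, LOCK_EX)) {
        return false;
    }
    try {
        $current = is_file($htaccess) ? file_get_contents($htaccess) : '';
        // Cut out the previous complete block; every other rule is kept as is.
        $re = '/^' . preg_quote(BFLP_BEGIN, '/') . '\r?$.*?^'
            . preg_quote(BFLP_END, '/') . '\r?$\R?/ms';
        $rest = is_string($current) ? preg_replace($re, '', $current) : null;
        // A BEGIN marker that is still present has no END (a truncated earlier
        // write). Refuse to guess where it stops; that needs manual cleanup.
        if ($rest === null || strpos($rest, BFLP_BEGIN) !== false) {
            return false;
        }
        $block = BFLP_BEGIN . "\n";
        foreach (array_unique($ips) as $ip) {
            if (filter_var($ip, FILTER_VALIDATE_IP) !== false) {
                $block .= "deny from $ip\n";
            }
        }
        $data = ($rest === '' ? '' : rtrim($rest, "\r\n") . "\n") . $block . BFLP_END . "\n";
        // Write the complete new file beside the live one, then swap it in.
        // rename() inside one directory is atomic on POSIX filesystems, so
        // Apache sees either the old file or the finished new one.
        $tmp = $htaccess . '.tmp.' . getmypid();
        $ok = file_put_contents($tmp, $data) === strlen($data);
        $ok = $ok && (!is_file($htaccess) || chmod($tmp, fileperms($htaccess) & 0777));
        if (!$ok || !rename($tmp, $htaccess)) {
            @unlink($tmp);
            return false;
        }
        return true;
    } finally {
        fclose($lock); // closing the handle releases the lock
    }
}
```

Both helper files keep the `.ht` prefix, so Apache's default `<Files ".ht*">` rule also keeps them from being served.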
Hi,
I’ve been working on the problem and think I’ve found a solution.
However, it is a bit difficult for me to test it properly. So would you like to download the dev version and test if it works correctly on your website?
You can download the dev version here: https://downloads.wordpress.org/plugin/brute-force-login-protection.zip
NOTE: Before you install it you have to remove all the Brute Force Login Protection lines from your .htaccess file! Also the lines that are commented (e.g. “# BEGIN Brute Force Login Protection”)!
Thanks!
JP
Ok, it’s in there. Can you send me an email to howdy [at] bradgriffin [dot] me, so that we don’t post private stuff in a public forum?
Also… we’re kinda talking about ya!