• Hi

    Being a newbie I am not sure if I can prevent the issue below from happening via WordFence as it looks like a BruteForce attack.

    Looking over the atop logs on the server, it looks like this was a mixture of a large number of PHP processes and MySQL consuming a relatively large amount of CPU.

    From the access logs, there was a large number of POST requests to the wp-login.php page of one of your sites, so it is possible this was being bruteforce attacked:

    My host recommended I do the following:

    I would recommend locking down access to the wp-admin.php and xmlrpc.php files on your WordPress installation to prevent further brute force attacks. Commonly, this is done by setting up a .htpasswd file to require dual authentication to access the WordPress admin area, or through installing a WordPress plugin to safely rename these files.

    Do I need to do that even though I have WordFence installed? Is there something I can enable in WordFence that would stop this?

    Many thanks

Viewing 1 replies (of 1 total)
  • I’m just a participant here, with a bit of experience in the battle. I’d do six things if I was under this sort of attack. First, I’d install WordPress plugin WP Hide Login and get it working. I would then block wp-login.php in my .htaccess file. I would then determine if the attack IPs had any commonality, and if so add some IP ranges to my server firewall or ask hosting company to do so. Concurrently with all this, I would determine if the attacks were coming from countries you don’t need traffic from, and use country blocking as much as possible.

    I would also build a customized Wordfence blocked message that took less bandwidth and shared less information. The blocked message file is in the Wordfence plugin folder under /lib and is named something like wf-503.php or 503-wf.php (I don’t have it in front of me at the moment).

    Lastly, I would consider more robust hosting so you have some padding for attacks, and perhaps better tech support from host.
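
Added example, not part of the original thread: one way to check whether the POSTs to wp-login.php and xmlrpc.php seen in the access logs share a source range, so that a range can be handed to the server firewall or the host. It assumes the Apache/nginx "combined" log format; the /24 and /64 grouping, the threshold and the sample lines are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Apache/nginx "combined" access-log line: client, timestamp, request, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" \d{3} '
)
# Endpoints named in the thread as brute-force targets.
TARGETS = ("/wp-login.php", "/xmlrpc.php")

def login_posts(lines):
    """Yield the client address of every POST to a login endpoint."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0].endswith(TARGETS):
            try:
                yield ipaddress.ip_address(m["ip"])
            except ValueError:
                continue  # client field is a hostname or malformed

def summarize(lines, threshold=3):
    """Count login POSTs per address and per /24 (IPv4) or /64 (IPv6)."""
    per_ip, per_net = Counter(), Counter()
    for ip in login_posts(lines):
        prefix = 24 if ip.version == 4 else 64
        per_ip[str(ip)] += 1
        per_net[str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))] += 1
    def keep(counts):
        return {k: v for k, v in counts.items() if v >= threshold}
    return keep(per_ip), keep(per_net)

def _line(ip, method, path):
    # Constructed sample entry; addresses are documentation ranges.
    return (f'{ip} - - [01/Jan/2024:00:00:00 +0000] '
            f'"{method} {path} HTTP/1.1" 200 512 "-" "-"')

SAMPLE = [
    _line("203.0.113.10", "POST", "/wp-login.php"),
    _line("203.0.113.11", "POST", "/wp-login.php"),
    _line("203.0.113.12", "POST", "/xmlrpc.php"),
    _line("198.51.100.7", "GET", "/wp-login.php"),
    _line("198.51.100.7", "POST", "/wp-login.php"),
    "not a log line",
]
print(summarize(SAMPLE))
```

On the sample, no single address reaches the threshold, but the shared /24 does, which is the kind of commonality that per-address blocking misses.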

  • The topic ‘Server crash after large number of POST requests to the wp-login.php’ is closed to new replies.