WordPress.org

Support

Support » Plugins and Hacks » iThemes Security (formerly Better WP Security) » Suggestion: Ban IPs/Hosts that try to login for "admin" user

Suggestion: Ban IPs/Hosts that try to login for "admin" user

Viewing 15 replies - 1 through 15 (of 17 total)
  • I was ask that before, currently no answer 🙁

    My question

    yes please

    If you do not have anyone with “admin” in their username you can add “admin” to the Ban User Agents found under the “ban” list. You can also change your blacklist threshold to 1 if you are the only user and know you will never forget your password.

    @m_butcher.
    Problem is that I did know my password but not all the “normal Users”.
    That’s the reason why I can’t set the Blacklist threshold to 1

    Thanks m_butcher for that info – I’d never really understood what a ‘user agent’ was! So I’ll try adding it to reduce the number of attempted logins.

    NO – DON’T DO THIS! wHEN i ADDED ‘ADMIN’ INTO THE bAN USRr agents, it totally locked me out of my site and returned an error saying that my admin page was banned! (ie: couldn’t access my wp admin page!), even though I have the admin username removed by wp security too.

    So I looked in my .htaccess file and found this…

    RewriteCond %{HTTP_USER_AGENT} ^ [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^admin [NC]
    RewriteRule ^(.*)$ - [F,L]

    which I totally deleted, and this then allowed me back in. Phew! I then went back into WP security and removed ‘admin’ from my ban user agent section too.

    So,please could anyone tell me:
    1. if it was OK to delete all of this section of code in my htaccess file??
    2. why it didn’t work as suggested above?
    3. what else could be added into the Ban User section to improve security?

    Thanks in anticipation…

    +1
    @m_butcher‘s suggestion is incorrect. That’s not what a user agent is for.

    Thanks WDG for your reply – do you know if it was OK to delete all the mentioned lines (as above) from my htaccess file?
    Cheers.

    Yes, it should be possible to prevent the WP from evil Logins.
    Why we don’t make a white list with the usersnames?

    If a hacker trys a different username (not on the white list)
    —> Baned

    So we do not give them several trys to reach the backend.

    @5high
    Yes. Those lines are looking for particular user agents and ending their connection if they match.

    @ WDG
    OK, have looked up ‘user agents’ and will not be touching that section again, as it’s probably beyond me!
    However, are you able to answer my previous query…

    So I looked in my .htaccess file and found this…

    RewriteCond %{HTTP_USER_AGENT} ^ [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^admin [NC]
    RewriteRule ^(.*)$ – [F,L]

    which I totally deleted, and this then allowed me back in. Phew! I then went back into WP security and removed ‘admin’ from my ban user agent section too.

    So,please could anyone tell me:
    1. if it was OK to delete all of this section of code in my htaccess file??

    .. re what I deleted form my htaccess file?
    Cheers.

    Along the lines of this request, it would be great to have a blacklist username list.. you could add usernames such as “admin” to the list. If someone tries to login using any of them, they are banned permanently (or for a very long time).

    A username blacklist would be great. I have so many admin user attmepts. In addition to that though, there should also be a URL blacklist. So…

    http://domain.com/admin BANNED
    http://domain.com/administrator BANNED

    I know 404 errors handles this, but if you have a lot of real 404 problems, then your stuck up-ing the threshold.

    This would be a lot more aggressive

    If this has been fixed, please mark as resolved.

Viewing 15 replies - 1 through 15 (of 17 total)
  • The topic ‘Suggestion: Ban IPs/Hosts that try to login for "admin" user’ is closed to new replies.
Skip to toolbar