Categories
hosting tech

WordPress, wp-login.php brute forces, and mod_security

 

wordpress

So, there’s finally been a bit of chatter about an attack that’s been ongoing across many webhosts for a few weeks. The most effective solutions that I’ve seen involve identifying patterns in the nefarious traffic, and blocking based on that. Something like this mod_security rule: