Stopping invalid logins, the easy way

Most websites will get attacked at some point. Most commonly this is invalid logins on WordPress websites. Checkout some ways to help keep your site safe in 5 easy steps to keep your WordPress site safe although wordfence relies on people getting on your sites login page then failing three times.  . Under heavy attack this process can slow (or even take ) your site down. This got us thinking what if you could block the invalid login before they hit your site, perfect right? So we know that the attack is looking for /wp-admin or /wp-login, ok, how can we limit the traffic to those URLs, we also want to limit who can access these pages, Ips can change so this would be too complex to implement. But you know you will login from the UK (or which ever part or the world your in). So now we have something like “only let the UK access /wp-admin or /wp-login”. Follow us?

So how do I implement this, we recommend Cloudflare there fire wall allows you to set thease conditions with ease with the following rule

((http.request.uri.path in {“/wp-admin” “/wp-admin/” “/wp-login” “/wp-login/” “/wp-login.php”} or http.request.uri.query contains “wp-admin”)and not ip.geoip.country in {“GB”})

Then block

This will block anyone that is not in the UK from accessing wp-admin or wp-login. This simple rule means less attacks on your site, and better performance. If you should have any issues or have any questions regarding this topic please contact us via a support ticket (open a ticket) with our hosting department and we will get back to you as soon as possible

Powered by BetterDocs

Leave a Reply