WordPress wp-login Brute Force Attack Limitation



Brute-force attacks against WordPress-powered websites are not unusual; they are a regular occurrence. The symptoms are many HTTP POST requests to the wp-login.php script from a single IP address or from multiple different IP addresses, most of the time from Russia, Ukraine, China, etc.

These brute-force attacks may cause server overload or website unavailability.

To prevent this, we use Fail2ban with a specific filter to block these brute-force attempts. When Fail2ban detects 5 or more POST requests to wp-login.php within a short time period, it automatically blocks the client's IP address for 20 minutes. The client will then not be able to connect to the server.
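The following Fail2ban filter and jail are an added illustration of the rule described above, not the actual configuration used on the servers. The name wordpress-login, the file paths, the log path, the port list and the 60-second findtime are assumptions (the text only says "short time period"); maxretry and bantime use the 5 requests and 20 minutes stated above.

```ini
# --- /etc/fail2ban/filter.d/wordpress-login.conf (hypothetical filter name) ---
[Definition]
# Match any POST to wp-login.php in a combined-format access log line.
# <HOST> is anchored at the start of the line, so the banned address is the
# connecting client. [^"]* stops at the first quote (the start of the request
# line), so text in the referer or user agent cannot satisfy the pattern.
failregex = ^<HOST> \S+ \S+ [^"]*"POST [^" ]*/wp-login\.php
ignoreregex =

# --- /etc/fail2ban/jail.d/wordpress-login.local (hypothetical jail name) ---
[wordpress-login]
enabled  = true
filter   = wordpress-login
# Assumed: the ban covers the web ports only.
port     = http,https
# Assumed log location; point this at the web server's real access log.
logpath  = /var/log/apache2/access.log
# 5 matching POST requests ...
maxretry = 5
# ... within an assumed 60-second window ...
findtime = 60
# ... ban the client IP for 20 minutes (1200 seconds).
bantime  = 1200
```

Because the filter counts every POST to wp-login.php, a legitimate user who retries quickly is counted the same way as an attacker. The filter can be checked against a real log with fail2ban-regex, given the log file and the filter file, before the jail is enabled.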

So be careful when logging in to your WordPress website. If, for example, you enter a wrong login 5 times, your access will be blocked for 20 minutes.

Manual unblocking / unbanning is not possible!