Using ModSecurity You can add the below rules in your Apache configuration file. It will block the attacks. # This has to be global, cannot exist within a directory or location clause . . . SecAction phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR},initcol:user=%{REMOTE_ADDR},id:10011 # Setup brute force detection. # React if block flag has been set. SecRule user:bf_block "@gt 0" [...]The post Blocking brute force attack against WordPress wp-login.php appeared first on ServerTechSupport.
