Defeat wp-login.php Brute Force Attack Using Cloudflare & .htaccess

In dealing WordPress Login (wp-login.php) brute force attack, previously, I recommend changing username & password as mentioned in WordPress Brute Force Attack – Change Username/Login ID post.

It does help to prevent the hacker to gain access, but the attack caused another problem as it consumed a large amount of server resources. Plugins such as Brute Force Login Protection may assist you to block the IPs after a number of wrong attempts. However, some of the hackers have large numbers of IPs, from hundreds to thousands of IPs. I encounter this problem & really taxing my server resources similar to DDOS attack.

While looking for better alternative to solve this problem, I found out that if you are using Cloudflare, the request headers contain the country code of the visitor’s origin. The header I’m talking about is the “HTTP_CF_IPCOUNTRY”.

What you to do is to allow only visitors from certain country to access “wp-login.php” file by using “HTTP_CF_IPCOUNTRY” header  and “.htaccess” file.

The example below is only allow visitors from United States & Canada. Change the country code in the third line to make it applicable to your locations.

 <FilesMatch "wp-login.php">
  RewriteEngine on
  RewriteCond %{HTTP:CF-IPCOUNTRY} !^(US|CA)$
  RewriteRule ^ - [F,L]

How to Modify CloudLinux LVE Limit

I’m using CloudLinux as server OS in OnApp Cloud Platform. Although I’m the only user in the server, I like CloudLinux for system stability as my website regularly under DOS/DDOS attack. However, I would like to use the resource as much as possible & not the default setting.

The best way to control LVE limits is using LVE Manager or lvectl command line tool. The limits are saved in /etc/container/ve.cfg. In other word, we can modify this file directly to modify limit.

Below is the sample of ve.cfg

<?xml version="1.0" ?>
		<cpu limit="25"/>
		<ncpu limit="1"/>
		<io limit="1024"/>
		<mem limit="262144"/>
		<other maxentryprocs="20"/>
		<pmem limit="262144"/>
		<nproc limit="0"/>
	<lve id="501">
		<cpu limit="95"/>
		<ncpu limit="4"/>
		<io limit="102400"/>
		<mem limit="524288"/>
		<other maxentryprocs="100"/>
		<pmem limit="524288"/>
		<nproc limit="100"/>

For the user id, 501 the resource allocated is as follow

<cpu limit="95"/>			-> CPU usage limit is 95%
<ncpu limit="4"/>			-> Number of CPU limit is 4
<io limit="102400"/>			-> IO limit is 102400 kB/s
<mem limit="524288"/>			-> Virtual memory limit is 524288 kB
<other maxentryprocs="100"/>		-> Number of Entry Processes limit is 100
<pmem limit="524288"/>			-> Physical Memory limit is 524288 kB
<nproc limit="100"/>			-> Number of Processes limit is 100