For dealing with WordPress login (wp-login.php) brute force attacks, I previously recommended changing the username & password, as mentioned in the WordPress Brute Force Attack – Change Username/Login ID post.
It does help to prevent the hacker from gaining access, but the attack causes another problem: it consumes a large amount of server resources. Plugins such as Brute Force Login Protection can help you block IPs after a number of wrong attempts. However, some hackers have large numbers of IPs, from hundreds to thousands. I encountered this problem & it really taxed my server resources, similar to a DDoS attack.
While looking for a better alternative to solve this problem, I found out that if you are using Cloudflare, the request headers contain the country code of the visitor’s origin. The header I’m talking about is “HTTP_CF_IPCOUNTRY”.
What you need to do is allow only visitors from certain countries to access the “wp-login.php” file by using the “HTTP_CF_IPCOUNTRY” header and the “.htaccess” file.
The example below allows only visitors from the United States & Canada. Change the country codes in the third line to match your locations.
<FilesMatch "^wp-login\.php$">
RewriteEngine on
RewriteCond %{HTTP:CF-IPCOUNTRY} !^(US|CA)$
RewriteRule ^ - [F,L]
</FilesMatch>
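The rule trusts whatever CF-IPCountry value reaches Apache, so it only means something for requests that actually arrived through Cloudflare. The Python model below is an added example, not code from the original post: it puts the rule's decision beside a variant that also checks the connecting address. The function names are hypothetical and the proxy ranges are documentation placeholders.

```python
import ipaddress
import re

# Same pattern as the RewriteCond in the .htaccess rule above.
ALLOWED = re.compile(r"^(US|CA)$")

# Placeholder proxy ranges (RFC 5737 documentation networks), constructed for
# this example. A real deployment would list the ranges Cloudflare publishes.
TRUSTED_PROXIES = [ipaddress.ip_network(n)
                   for n in ("192.0.2.0/24", "198.51.100.0/24")]


def rule_allows(headers):
    """Model of the rule as written: only the CF-IPCountry value is checked."""
    # mod_rewrite expands a missing header to "", which fails the pattern.
    return ALLOWED.fullmatch(headers.get("CF-IPCountry", "")) is not None


def hardened_allows(peer_ip, headers):
    """Honour the header only when the connecting peer is a trusted proxy."""
    peer = ipaddress.ip_address(peer_ip)
    if not any(peer in net for net in TRUSTED_PROXIES):
        return False
    return rule_allows(headers)


# Constructed sample requests: (description, connecting IP, request headers).
SAMPLES = [
    ("US visitor via proxy", "192.0.2.10", {"CF-IPCountry": "US"}),
    ("DE visitor via proxy", "192.0.2.11", {"CF-IPCountry": "DE"}),
    ("Tor visitor via proxy (T1)", "198.51.100.7", {"CF-IPCountry": "T1"}),
    ("direct to origin, no header", "203.0.113.50", {}),
    ("direct to origin, header set by client", "203.0.113.50",
     {"CF-IPCountry": "US"}),
]


def evaluate(samples=SAMPLES):
    """Return (description, rule decision, hardened decision) per request."""
    return [(d, rule_allows(h), hardened_allows(ip, h)) for d, ip, h in samples]


if __name__ == "__main__":
    for desc, rule, hardened in evaluate():
        print(f"{desc:42} rule={'allow' if rule else '403':5} "
              f"hardened={'allow' if hardened else '403'}")
```

Only the last sample differs between the two columns, which is why the origin server should accept web traffic solely from the proxy's address ranges when this rule is relied on.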
WHM/cPanel, since version 11.42, allows users to back up to Amazon S3. This is a great choice for backups because it uses a reliable service like Amazon S3. Furthermore, new S3 users get FREE 5GB of backup storage for a year, making this option even more valuable. After the FREE period is over, the cost is rather small: only 3 cents per GB of storage.
Below are the steps to back up cPanel/WHM to Amazon S3.
Amazon S3 Configuration
1. Log in to your Amazon S3 account, or create a new account if you don’t have one.
2. Browse to Dashboard → Services → S3
3. Create a Bucket. (Make sure there is no “.” (dot) in the Bucket name. If there is, you will be unable to connect to the Amazon servers due to an SSL issue and will get a timeout error.)
4. Browse to Username → Security Credentials → Access Keys (Access Key ID and Secret Access Key)
5. Click the “Create New Access Key” button.
6. Download the “Access Key” & keep it secure.
cPanel/WHM Configuration
1. Log in to cPanel/WHM
2. Browse to Backup → Backup Configuration
3. Edit Global Settings, Scheduling and Retention, Files, Databases & Configure Backup Directory as per your preference.
4. In Additional Destinations, select “Amazon S3™” & click the “Create new destination” button.
5. Enter the “Destination Name” and, optionally, the “Folder” in the fields provided.
6. Key in the “Bucket” name as per (3) in Amazon S3 Configuration above.
7. Key in the “Access Key ID” & “Secret Access Key” as per (6) in Amazon S3 Configuration above.
8. Click the “Save and Validate Destination” button.