DDOS

Defeat wp-login.php Brute Force Attack Using Cloudflare & .htaccess

In dealing with WordPress login (wp-login.php) brute force attacks, I previously recommended changing the username & password, as mentioned in the WordPress Brute Force Attack – Change Username/Login ID post.

It does help to prevent the hacker from gaining access, but the attack causes another problem, as it consumes a large amount of server resources. Plugins such as Brute Force Login Protection may help you block the IPs after a number of wrong attempts. However, some hackers have large numbers of IPs, from hundreds to thousands. I encountered this problem & it was really taxing my server resources, similar to a DDOS attack.

While looking for a better alternative to solve this problem, I found out that if you are using Cloudflare, the request headers contain the country code of the visitor’s origin. The header I’m talking about is “HTTP_CF_IPCOUNTRY”.

What you need to do is allow only visitors from certain countries to access the “wp-login.php” file by using the “HTTP_CF_IPCOUNTRY” header and the “.htaccess” file.

The example below allows only visitors from the United States & Canada. Change the country codes in the third line to match your locations.

 <FilesMatch "^wp-login\.php$">
  RewriteEngine on
  RewriteCond %{HTTP:CF-IPCOUNTRY} !^(US|CA)$
  RewriteRule ^ - [F,L]
 </FilesMatch>

How to Modify CloudLinux LVE Limit

I’m using CloudLinux as the server OS on the OnApp Cloud Platform. Although I’m the only user on the server, I like CloudLinux for system stability, as my website is regularly under DOS/DDOS attack. However, I would like to use as much of the resources as possible & not the default settings.

The best way to control LVE limits is to use LVE Manager or the lvectl command line tool. The limits are saved in /etc/container/ve.cfg. In other words, we can modify this file directly to change the limits.

Below is a sample ve.cfg:

<?xml version="1.0" ?>
<lveconfig>
	<defaults>
		<cpu limit="25"/>
		<ncpu limit="1"/>
		<io limit="1024"/>
		<mem limit="262144"/>
		<other maxentryprocs="20"/>
		<pmem limit="262144"/>
		<nproc limit="0"/>
	</defaults>
	<lve id="501">
		<cpu limit="95"/>
		<ncpu limit="4"/>
		<io limit="102400"/>
		<mem limit="524288"/>
		<other maxentryprocs="100"/>
		<pmem limit="524288"/>
		<nproc limit="100"/>
	</lve>
</lveconfig>

For user ID 501, the allocated resources are as follows:

<cpu limit="95"/>			-> CPU usage limit is 95%
<ncpu limit="4"/>			-> Number of CPU limit is 4
<io limit="102400"/>			-> IO limit is 102400 kB/s
<mem limit="524288"/>			-> Virtual memory limit is 524288 kB
<other maxentryprocs="100"/>		-> Number of Entry Processes limit is 100
<pmem limit="524288"/>			-> Physical Memory limit is 524288 kB
<nproc limit="100"/>			-> Number of Processes limit is 100
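
Since the file can be edited by hand, a check before saving is useful. The script below is an added example, not part of the original post or of CloudLinux's tooling: it parses a ve.cfg in the layout shown above, resolves the limits that apply to one LVE id, and flags likely typos. It assumes that a limit missing from an `<lve>` entry falls back to `<defaults>`; the sample data, LVE 502 and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the ve.cfg layout shown above; LVE 502 is hypothetical
# and carries two deliberate mistakes for the checker to catch.
SAMPLE = """<?xml version="1.0" ?>
<lveconfig>
  <defaults>
    <cpu limit="25"/><ncpu limit="1"/><io limit="1024"/>
    <mem limit="262144"/><other maxentryprocs="20"/>
    <pmem limit="262144"/><nproc limit="0"/>
  </defaults>
  <lve id="501">
    <cpu limit="95"/><ncpu limit="4"/><nproc limit="100"/>
  </lve>
  <lve id="502">
    <cpu limit="fast"/><nprocs limit="50"/>
  </lve>
</lveconfig>"""

def limits(elem):
    """Flatten <tag attr="value"/> children into {'tag.attr': 'value'}."""
    return {f"{c.tag}.{a}": v for c in elem for a, v in c.attrib.items()}

def effective_limits(cfg_text, lve_id):
    """Defaults overlaid with the per-LVE entries (assumed inheritance)."""
    root = ET.fromstring(cfg_text)  # raises ParseError on malformed XML
    merged = limits(root.find("defaults"))
    for lve in root.findall("lve"):
        if lve.get("id") == str(lve_id):
            merged.update(limits(lve))
    return merged

def check(cfg_text):
    """Return a list of problems found in an edited ve.cfg."""
    root = ET.fromstring(cfg_text)
    known = limits(root.find("defaults"))
    problems, seen = [], set()
    for lve in root.findall("lve"):
        lve_id = lve.get("id")
        if lve_id in seen:
            problems.append(f"lve {lve_id}: duplicate entry")
        seen.add(lve_id)
        for name, value in limits(lve).items():
            if name not in known:
                problems.append(f"lve {lve_id}: unknown limit {name}")
            elif not value.isdigit():
                problems.append(f"lve {lve_id}: {name}={value!r} is not a number")
    return problems
```

Run `check()` on a copy of the edited file's text before replacing /etc/container/ve.cfg; an empty list means none of these three problems was found.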