Some of the posts I am seeing on the internet regarding the wordpress password crack via botnet is pretty funny as various people offer suggestions to fix the problem. The quickest fix is simple and although it protects the wp-admin page, it wont protect you from the inbound traffic or sql injection.
Set up a simple auth login:
Nginx example:
[codesyntax lang=”bash”]
location ~ ^/wp-admin {
auth_basic “Restricted”;
# location of password file
auth_basic_user_file /path/to/password.dat;
}
[/codesyntax]
Apache example:
[codesyntax lang=”bash”]
<Location /wp-admin> AuthType Basic AuthName "Site Admin" AuthUserFile /path/to/password.dat Require valid-user </Location>
[/codesyntax]
You can then use htpasswd to generate the password file for username:
[codesyntax lang=”bash”]
htpasswd /path/to/password.dat username
[/codesyntax]
Leave a Reply
You must be logged in to post a comment.