Protect WordPress wp-login.php with ModSecurity

Last Updated On: January 25, 2020

Protect your WordPress installation (wp-login.php) against brute-force login attacks with ModSecurity. The rules below count failed logins per source IP address and, once an address exceeds 10 failures within roughly 3 minutes, refuse its requests to wp-login.php for 5 minutes.

  1. Log in to your WHM as root
  2. Install ModSecurity if it isn’t installed
  3. Go to the “Plugins” section.
  4. Click on “Mod Security”
  5. Click on “Edit Config”
  6. Copy and paste the rules below

# Initialise the per-client collections, keyed by source IP (persistent collections need SecDataDir set).
SecAction "phase:1,nolog,pass,id:5000134,initcol:ip=%{REMOTE_ADDR},initcol:user=%{REMOTE_ADDR}"
<LocationMatch "/wp-login.php">
# Brute force detection: react if the block flag has been set.
SecRule user:bf_block "@gt 0" "phase:2,deny,status:401,log,id:5000135,msg:'IP address blocked for 5 minutes: more than 10 failed login attempts in 3 minutes'"
# Track outcomes. WordPress answers a successful login with a 302 redirect; a failed
# login re-renders the form with a 200. A success resets the failure counter.
SecRule RESPONSE_STATUS "^302" "phase:5,t:none,nolog,pass,id:5000136,setvar:ip.bf_counter=0"
# Count only POSTed logins that come back 200 (a plain GET of the form is also a 200 and
# must not count). The counter decays by 1 every 180 s; above 10 failures set the
# block flag for 300 s and reset the counter.
SecRule REQUEST_METHOD "@streq POST" "phase:5,chain,t:none,nolog,pass,id:5000137"
    SecRule RESPONSE_STATUS "^200" "chain,t:none,setvar:ip.bf_counter=+1,deprecatevar:ip.bf_counter=1/180"
        SecRule ip:bf_counter "@gt 10" "t:none,setvar:user.bf_block=1,expirevar:user.bf_block=300,setvar:ip.bf_counter=0"
</LocationMatch>

Click on “Save Configuration”.

Two things to check before relying on this. First, the counters are keyed on REMOTE_ADDR: if the site sits behind a reverse proxy or CDN, every visitor arrives from the proxy's address and one attacker will get the whole site blocked, so the real client address must be restored first (for example with mod_remoteip). Second, test it: send more than 10 failed POST logins from one test address; from the 12th request onward wp-login.php should answer 401 and the hit should be logged, while a successful login (302) from another address must still go through.
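To see how the thresholds in those rules play out over time without touching a live server, here is an added Python model of the rule logic (not code from the original page or from ModSecurity): a per-IP failure counter with the "@gt 10" threshold, the 1/180 decay, the 300-second block and the 401 deny, replayed over constructed request events. It assumes two simplifications of ModSecurity's real behaviour: deprecatevar subtracts 1 for every full 180 s since the counter last changed, and the block flag expires exactly 300 s after it was set. The IP addresses and traffic are constructed for the example.

```python
"""Offline model of the wp-login.php brute-force rules above.

Added example, not code from the original page: it mirrors the rule logic
(per-IP failure counter, "@gt 10" threshold, deprecatevar 1/180,
expirevar 300, deny with 401) in Python so the timing can be checked over
constructed request events without a web server. Two simplifications are
assumed: deprecatevar subtracts 1 for every full 180 s since the counter
last changed, and the block flag expires exactly 300 s after it was set.
"""
from __future__ import annotations

from dataclasses import dataclass

THRESHOLD = 10      # SecRule ip:bf_counter "@gt 10"
DECAY_STEP = 180    # deprecatevar:ip.bf_counter=1/180
BLOCK_TTL = 300     # expirevar:user.bf_block=300
DENY_STATUS = 401   # deny,status:401


@dataclass
class ClientState:
    """State one source IP holds in the ip/user collections."""
    counter: int = 0                 # ip.bf_counter
    last_failure: int | None = None  # when the counter last changed (for decay)
    block_until: int | None = None   # user.bf_block expiry, None = not blocked


class WpLoginGuard:
    """Replays the rule set. count_only_post=False models a rule that counts
    every 200 response, which also counts plain GETs of the login form."""

    def __init__(self, count_only_post: bool = True) -> None:
        self.clients: dict[str, ClientState] = {}
        self.count_only_post = count_only_post

    def handle(self, now: int, ip: str, method: str, backend_status: int) -> int:
        """Process one request; return the status the client actually receives."""
        st = self.clients.setdefault(ip, ClientState())

        # Rule 5000135 (phase 2): block flag still live -> deny before WordPress runs.
        if st.block_until is not None and now < st.block_until:
            return DENY_STATUS
        st.block_until = None  # expirevar has removed the flag

        # Rule 5000136 (phase 5): a 302 means the login succeeded -> reset the counter.
        if backend_status == 302:
            st.counter = 0
        # Rule 5000137 (phase 5): a 200 on a POST is a failed login.
        elif backend_status == 200 and (method == "POST" or not self.count_only_post):
            st.counter += 1                                   # setvar:ip.bf_counter=+1
            if st.last_failure is not None:                   # deprecatevar (simplified)
                st.counter = max(0, st.counter - (now - st.last_failure) // DECAY_STEP)
            st.last_failure = now
            if st.counter > THRESHOLD:                        # chained "@gt 10"
                st.block_until = now + BLOCK_TTL              # setvar + expirevar
                st.counter = 0                                # setvar:ip.bf_counter=0
        return backend_status

    def counter_for(self, ip: str) -> int:
        return self.clients[ip].counter


def run_scenario(events, count_only_post: bool = True) -> list[int]:
    """Replay (time, ip, method, backend_status) events; return statuses served."""
    guard = WpLoginGuard(count_only_post)
    return [guard.handle(*e) for e in events]


def counter_after(events, ip: str) -> int:
    """Replay events and return the failure counter left for ip."""
    guard = WpLoginGuard()
    for e in events:
        guard.handle(*e)
    return guard.counter_for(ip)


# Constructed traffic (not real logs). 203.0.113.7 hammers the form: 11 failed
# POSTs in 11 s, keeps trying while blocked, then returns after the block lapses.
ATTACK = [(t, "203.0.113.7", "POST", 200) for t in range(11)] + [
    (12, "203.0.113.7", "POST", 200),
    (13, "203.0.113.7", "GET", 200),
    (309, "203.0.113.7", "GET", 200),
    (312, "203.0.113.7", "POST", 200),
]
# 198.51.100.9 reloads the login page 15 times, then logs in successfully.
RELOADER = [(t, "198.51.100.9", "GET", 200) for t in range(15)] + [
    (15, "198.51.100.9", "POST", 302),
]
# Five failures, then one more 400 s later: the counter has decayed meanwhile.
SLOW = [(t, "203.0.113.7", "POST", 200) for t in range(5)] + [
    (400, "203.0.113.7", "POST", 200),
]

if __name__ == "__main__":
    print("attacker:", run_scenario(ATTACK))
    print("reloader, POST-only rule:", run_scenario(RELOADER))
    print("reloader, any-200 rule:", run_scenario(RELOADER, count_only_post=False))
    print("counter after slow attempts:", counter_after(SLOW, "203.0.113.7"))
```

The RELOADER scenario is the reason the rule set checks REQUEST_METHOD: with a rule that counts every 200 response, a user who merely reloads the login form eleven times is locked out and even their correct password is then refused.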