Configure WordPress wp-login + XMLRPC DDoS Protection nginx + fail2ban

I have helped many users speed up their sites by implementing server-side security to prevent XMLRPC and wp-login.php attacks. Cloudflare have blogged about XMLRPC.php as an attack vector. Basically, hacker bots scan for WordPress or WooCommerce sites and will make a senseless number of password attempts over and over again. This can lead to your system …

Protect WordPress wp-login with nginx HTTP Auth + fail2ban

Protecting wp-login.php for WordPress is essential for brute force protection from hackers. Most WordPress administrators will use a plugin like All-in-One Security (recommended) or Wordfence to block users who are making excessive login attempts. The problem with the plugin technique is that these brute force protection methods are still expensive for your web server. When a user …

Protecting wp-admin Brute Force Attacks with nginx Rate Limiting

WordPress is gaining in popularity and therefore the number of attacks specific to WordPress keeps increasing. I manage servers for some political websites which get attacked relentlessly, so that means I get to create new firewall rules and rate limiting directives to help keep the site running – very fun! Recently this site was being …

Configure + Enable Monit Brute Force Protection with fail2ban

Monit is a great tool for WordPress self-hosting which will monitor your essential services like nginx, MariaDB/MySQL, php5-fpm, Varnish, Redis, memcached and basically anything running on your VPS or dedicated server. Monit does allow whitelisting so that only certain IP addresses or dynamic DNS addresses are allowed to access the Monit web interface. If …