Post by thanos74 » Mon Apr 04, 2022 6:16 pm

ADD Creative wrote:
Mon Apr 04, 2022 6:11 pm
thanos74 wrote:
Mon Apr 04, 2022 4:45 pm
I have the same problem....
Which is the better code to avoid Bruteforce in /admin ?
They both do the same thing. It is probably more efficient to do the same in htaccess. That way the server doesn't have to start a PHP process.
viewtopic.php?f=179&t=225771&start=20#p836216

If the IP addresses you access the admin from don't change, it is best to add an allow list and ban all others.
There are dynamic IPs.... so, it is better in the htaccess.
Thank you

Post by thanos74 » Tue Apr 05, 2022 7:15 pm

I set this in htaccess:

Code:

RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{QUERY_STRING} ^$
RewriteRule ^admin/.*$ - [F]
I see login attempts at https://mail.example.com/admin

Post by ADD Creative » Tue Apr 05, 2022 7:49 pm

thanos74 wrote:
Tue Apr 05, 2022 7:15 pm
I set this in htaccess:

Code:

RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{QUERY_STRING} ^$
RewriteRule ^admin/.*$ - [F]
I see login attempts at https://mail.example.com/admin
Can you explain in more detail?

www.add-creative.co.uk

Post by thanos74 » Tue Apr 05, 2022 7:54 pm

Attackers tried from subdomain mail to /admin
https://mail.example.com/admin

Post by ADD Creative » Tue Apr 05, 2022 9:03 pm

thanos74 wrote:
Tue Apr 05, 2022 7:54 pm
Attackers tried from subdomain mail to /admin
https://mail.example.com/admin
It's not unusual for bots to try a range of locations. What the result is depends on how your server is set up.

www.add-creative.co.uk
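
One way to check what those requests actually got back, as an added example that is not part of the original posts: it reads access-log lines and counts, per virtual host, how many requests meeting the posted rule's conditions were answered with 403 and how many were not. The log layout (Debian's `vhost_combined`), the sample lines, the `www` host name and the function names are assumptions.

```python
import re
from collections import Counter

# Assumed layout (Debian "vhost_combined"):
#   vhost:port client ident user [time] "METHOD target PROTO" status bytes ...
LINE_RE = re.compile(
    r'^(?P<vhost>[^\s:]+)(?::\d+)? (?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges), not taken from the thread.
SAMPLE_LOG = """\
www.example.com:443 198.51.100.7 - - [05/Apr/2022:19:01:12 +0000] "POST /admin/index.php HTTP/1.1" 403 199 "-" "bot"
www.example.com:443 198.51.100.7 - - [05/Apr/2022:19:01:13 +0000] "POST /admin/index.php?x=1 HTTP/1.1" 200 5120 "-" "bot"
mail.example.com:443 203.0.113.9 - - [05/Apr/2022:19:02:40 +0000] "POST /admin/index.php HTTP/1.1" 200 4821 "-" "bot"
mail.example.com:443 203.0.113.9 - - [05/Apr/2022:19:02:41 +0000] "GET /admin HTTP/1.1" 301 0 "-" "bot"
www.example.com:443 192.0.2.44 - - [05/Apr/2022:19:03:02 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""


def rule_would_match(method, target):
    """Mirror the posted conditions: POST, empty query string, path under admin/.

    Assumes the rule lives in the .htaccess of the document root, so the
    pattern ^admin/.*$ corresponds to URL paths starting with /admin/.
    """
    path, _, query = target.partition("?")
    return method == "POST" and query == "" and path.startswith("/admin/")


def audit(log_text):
    """Per virtual host, count covered requests that were denied (403) or not."""
    result = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or not rule_would_match(m["method"], m["target"]):
            continue
        key = "denied" if m["status"] == "403" else "not_denied"
        result.setdefault(m["vhost"], Counter())[key] += 1
    return result


if __name__ == "__main__":
    for vhost, counts in sorted(audit(SAMPLE_LOG).items()):
        print(f"{vhost}: denied={counts['denied']} not_denied={counts['not_denied']}")
```

A host that shows requests under `not_denied` is answering them without the rule being applied, so that host's configuration is the place to look next.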

Post by websiteworld » Fri May 06, 2022 7:46 am

We restrict access to the /admin/ folder by permitted IP addresses. Solves the problem entirely and is a good overall practice.

Post by by mona » Fri May 06, 2022 10:06 am

websiteworld wrote:
Fri May 06, 2022 7:46 am
We restrict access to the /admin/ folder by permitted IP addresses. Solves the problem entirely and is a good overall practice.
This suggestion will work for static IPs.
As a suggestion to websiteworld, it would be more helpful if you would provide the community with at least one methodology of implementation.
viewtopic.php?t=135240
same logic
https://wpbeaches.com/secure-wp-admin-f ... -htaccess/

DISCLAIMER:
You should not modify core files .. if you would like to donate a cup of coffee I will write it in a modification for you.