A website I manage has been getting occasional reboots.
The website
-uses WordPress and WooCommerce
-is on a VPS
I have been trying various things to try and get the rebooting to stop (checking plugins, upping the RAM limit, PSmanager, etc.)
Today at around 11am a reboot happened, and afterwards the site was moving very slowly. On a whim I checked the LoginLockdown plugin, and noticed a constant barrage of failed login attempts.
Checking the database, I can see that this website is currently getting pounded (every 10 seconds) with login attempts. I am guessing this has something to do with the rebooting.
As I mentioned, I have the plugin “login lockdown” installed, and also the 5G BLACKLIST/FIREWALL (2013) in the .htaccess
Anything else I can do to get this bot off the site? It seems to be using some kind of IP spoofing, because the IP changes constantly.
[hr]
From the login Lockdown logs, I see that the bot is attempting to use “admin” almost every time. I wonder if there is a way to do something if “admin” is attempted?
[hr]
Okay, to answer my own question:
First, I found this website with a tidy explanation and a good solution:
I followed their instructions at the bottom of the page, but made two alterations
-instead of using “login.php” as the new login page, I used something different. login.php seemed too obvious
-I added an additional line to their functions to send logouts to the proper page; however, this does not seem to properly log the user out, but here is the line I am using:
//logout url fix
add_filter('logout_url', 'fix_logout_url');
function fix_logout_url($link) { return "/ps-login.php?loggedout=true"; }
[hr]
I can confirm that this has stopped the barrage of login-attempts and the VPS Resources are back down.
[hr]
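Added example, not part of the original post: a small Python sketch of why a per-IP lockout does not stop the attempt stream described above, while a per-username counter does. The sample attempts are constructed to match that pattern (one failure every 10 seconds, username "admin", a new source address each time), and the threshold of 3 failures in 5 minutes is an assumption, not a setting read from any plugin.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (not real logs): one failed login every 10 seconds
# for username "admin", each from a different documentation-range address.
START = datetime(2024, 1, 1, 11, 0, 0)
SAMPLE = [
    (START + timedelta(seconds=10 * i), f"198.51.100.{i + 1}", "admin")
    for i in range(60)
]
# A legitimate user mistyping a password twice from one address.
SAMPLE += [
    (START + timedelta(seconds=s), "203.0.113.7", "shopmanager") for s in (15, 40)
]


def over_threshold(attempts, key, max_fails, window):
    """Return the keys that reach max_fails failures inside a sliding window."""
    recent = defaultdict(list)
    flagged = set()
    for ts, ip, user in sorted(attempts):
        times = recent[key(ip, user)]
        times.append(ts)
        while times[0] <= ts - window:  # drop failures older than the window
            times.pop(0)
        if len(times) >= max_fails:
            flagged.add(key(ip, user))
    return flagged


def summarize(attempts, max_fails=3, window=timedelta(minutes=5)):
    """Compare what a per-IP counter and a per-username counter would catch."""
    ips_per_user = defaultdict(set)
    for _, ip, user in attempts:
        ips_per_user[user].add(ip)
    return {
        "locked_ips": over_threshold(attempts, lambda ip, user: ip, max_fails, window),
        "locked_users": over_threshold(attempts, lambda ip, user: user, max_fails, window),
        "distinct_ips": {u: len(ips) for u, ips in ips_per_user.items()},
    }


if __name__ == "__main__":
    report = summarize(SAMPLE)
    print("locked by IP:      ", sorted(report["locked_ips"]))
    print("locked by username:", sorted(report["locked_users"]))
    print("distinct IPs seen: ", report["distinct_ips"])
```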