How to stop malicious user-agents

Dealing with persistent attacks can be tough. Here are a few quick tips:
Block the IP Range: Use your .htaccess file to block the entire IP range, not just individual addresses.
Talk to Your Host: Your hosting provider might have additional solutions to block these attacks.
Web Application Firewall: Consider using a service like Cloudflare to filter out bad traffic before it reaches your site.
Update Wordfence: Make sure Wordfence is up to date and configured properly for maximum protection.
Monitor Traffic: Keep an eye on your traffic patterns with tools like Google Analytics and Wordfence logs.
Limit Login Attempts: Use Wordfence to limit login attempts, which can help against brute force attacks.
Talk to Your Host: Your hosting provider might have additional solutions to block these attacks. Like Modsecurity.

Hi@@wpprovider

Thanks for your advice.

I have done all steps mentioned in your reply except:
1) Talk to my Host
2) Web Application Firewall

Some IP ranges of the attackers have been blocked repeatedly, >50 times. Wordfence notifies me periodically of the attacks. Some attacks even tried to login my websites without success. I have very strong passwords which are changed periodically.

Although all attacks failed but it is quite annoying.

Regards

It fully depends on the strategy of the hosting company, but what we normally do is employ advanced detection and mitigation techniques to identify and neutralize DDoS attacks. This includes using network-level protection to absorb and diffuse the attack, implementing ModSecurity for firewall defense, ensuring regular updates and patches for security vulnerabilities, offering dedicated technical support during incidents, and conducting continuous monitoring for early threat detection. This comprehensive approach helps in maintaining the accessibility and integrity of your WordPress site during such attacks. I recommend to contact their support in this case.

Hi@wpprovider

Is it “modsecurity.org”?

It is very strange when I browsed;

https://www.modsecurity.org/
Trustwave is announcing the End-of-Life (EOL) of our support for ModSecurity effective July 1, 2024. We will then hand over the maintenance of ModSecurity code back to the open-source community…..

Trustwave announced they’ll stop supporting ModSecurity by July 2024. After that, the open-source community will take over.

This means no more updates or support from Trustwave after that date.

If you use ModSecurity, keep an eye on these changes. You might need to look into other options or rely on the community for future updates.

Hi@wpprovider

Just read following link;

Continuous Security Monitoring using ModSecurity & ELK
https://www.claranet.com/us/blog/2020-10-30-continuous-security-monitoring-using-modsecurity-elk

ModSecurity is for monitoring. Wordfence can do similar job, recording all attacks in full details. But I expect to stop those attackers before reaching my websites. I have 40 websites running Internet, but non of them for business.

Hi@wpprovider,

Further to my previous dialogue.

Just contacted the hosting company, Hostgator. In replying my problem encountered they said that “As a hosting provider we do not assist in removing malware”. They suggested me to subscribe “Sitelock”, their product.

Wordfence can do the job, detecting the intruders and stop them from attacking my websites. Sitelock do the same job.

Conclusion: no assistance will be provided by the hosting company in this respect.