Security From Hackers

I ran into similar problems with my own VPS about 8 months ago. I installed fail2ban, initially to address ssh login attempts, then chose one of the fail2ban WordPress plugins and used it for a while, but eventually wrote my own equivalent as I wanted to expand its use to my shared hosting accounts, where I cannot install fail2ban.

Here is a good search to get you started in that direction (fail2ban):
https://www.ads-software.com/plugins/search.php?q=fail2ban

the plugin your advice have no rank only 26 downloads. I will not prefer to install it , however, i had installed jetpack it decrease the load on server but still there is the load.

I need the global solution on server site for all website not for single website

I can recommend WordFence. It does the same as what jonradio described with fail2ban (and a whole lot more)…

Thanks “David Hunter – LAS”

is it for server global installation for all WordPress sites or for a single website installation.

If you mean “Can I install this plugin software on as many installation as I want?” then yes.

If you are looking for something that will be installed on the server level then the answer is no. These plugins all operate high up on the stack where WordPress runs. This is after Apache2 and PHP are processing data.

There are no WordPress plugins that are for server global installation. Plugins are an add-on to WordPress and do not operate at the server level.

Some plugins do operate… better? Jetpack’s brute force protection is pretty good IMHO.

https://jetpack.com/2015/03/17/jetpack-3-4-protect-secure-and-simplify/

I am root administrator of many Linux servers, we have near 100 or more WordPress sites on our servers, we are facing a problem from hackers, hackers are trying to log in with some kind of software on https://www.website.com/wp-login.php

Give Fail2ban a look.

https://en.wikipedia.org/wiki/Fail2ban

It modifies your server before Apache2 and attempts to prevent your servers from processing requests from IPs that are determined to be “Bad”.

I used the jetpack on some site, but still, can see the brute force on the wp-login.php page and as a result huge load on the server.

can you please guide which option I need to activate in the jetpack to stop brute force on the wp-login page.?

for now, I activate I activated “Protect” option out of 28 jetpack features.

Can you please check brute force security on my site: https://www.unique-star.net/wp-login.php
I used on this site jetpack

please advice…

If you enabled the feature then it’s active. It’s that simple. ??

Brute force protection does not mean block all requests to wp-login.php. It means when a URL request exceeds a rate or is already on a list of known attackers (which is managed by Jetpack’s database) then that IP is blocked.

Unless you are experiencing tangible problems then I would not worry about your site getting those requests.

Login attempts are the background noise of the Internet and as long as your passwords are secure and you are not experiencing a resource drain then it’s all good.

thanks a lot “Jan Dembowski”

I use mod_sec rules on a cpanel server works great.

https://forums.cpanel.net/threads/denied-brutforce-wp-login-php.392672/

You can also take a look at this one:

https://www.frameloss.org/2013/04/26/even-easier-brute-force-login-protection-for-wordpress/