• Resolved scieriro

    (@scieriro)


    Hello Forum users,

    For the past days I have been encountering a massive attack on one of my WP sites. In the logs this shows up every 1-2 minutes, and every time there is another IP address. So far I’ve banned about 1000 IPs using fail2ban, almost all coming from Russia.
    The thing is that this attack is kind of stupid, as it clearly gets a 404 on the “/-/-/” part, and the wp-login is no longer called this way (renamed with a plugin).
    So the only inconvenience is the bandwidth consumption. Is there any solution to this attack?

    91.204.196.58 - - [26/Jun/2015:13:46:21 +0300] "GET /wp-login.php HTTP/1.1" 301 - "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0"
    91.204.196.58 - - [26/Jun/2015:13:46:22 +0300] "GET /-/-/-/-/-/-/-/-/-/- HTTP/1.1" 404 14730 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0"

Viewing 6 replies - 1 through 6 (of 6 total)
  • There are many ways people approach all of this, and I only know a few. Wordfence Security has these throttling options:

    If anyone’s requests exceed:
    If a crawler’s page views exceed:
    If a crawler’s pages not found (404s) exceed:
    If a human’s page views exceed:
    If a human’s pages not found (404s) exceed:
    If 404’s for known vulnerable URL’s exceed:
    How long is an IP address blocked when it breaks a rule:

    For actual blocking, Wordfence does that dynamically rather than adding countless lines to .htaccess.

    I also use the NinjaFirewall plugin (stand-alone version for me) to check traffic and stop many things from ever even arriving at WordPress.

    Thread Starter scieriro

    (@scieriro)

    I have Wordfence and also installed NinjaFirewall (which didn’t do anything for me). Wordfence also didn’t make any difference, as it lists every request but it can’t differentiate them from normal access.

    Andrew Nevins

    (@anevins)

    WCLDN 2018 Contributor | Volunteer support

    Have you talked to your hosting providers about this? I don’t think you can prevent it at the WordPress level.

    Thread Starter scieriro

    (@scieriro)

    The attack seems to be called a Slow HTTP DoS attack; it usually attacks Apache.
    I have my own server; so far I’ve used fail2ban and iptables, but the banned IP list is growing faster.

    Thread Starter scieriro

    (@scieriro)

    Finally solved the issue by passing the job from fail2ban to iptables: instead of having fail2ban send lots of IPs into the iptables table to be dropped, I’ve added the following rules to iptables, so for now all the requests matching those strings will be dropped by iptables automatically:
    Also, I’ve used a plugin (hide login) to change my login page name, so I don’t need to have any references to the old wp-login.php.

    iptables -A INPUT -m string --algo bm --string "GET /wp-login.php HTTP/1.1" -j DROP
    iptables -A INPUT -m string --algo bm --string "GET /-/-/-/-/-/-/-/-/-/- HTTP/1.1" -j DROP
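
The two requests in the log excerpt form a fixed signature whatever the source address, which is why per-IP bans kept falling behind. As an added example (not code from the thread), this Python script scans an Apache combined-format log for that request pair and totals the bytes served to each matching client. The 5-second window, the function name and every sample line after the first two are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in Apache combined log format: the first two lines are the
# ones quoted in the thread, the rest are made up (documentation-range IPs).
SAMPLE_LOG = '''\
91.204.196.58 - - [26/Jun/2015:13:46:21 +0300] "GET /wp-login.php HTTP/1.1" 301 - "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0"
91.204.196.58 - - [26/Jun/2015:13:46:22 +0300] "GET /-/-/-/-/-/-/-/-/-/- HTTP/1.1" 404 14730 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0"
198.51.100.7 - - [26/Jun/2015:13:47:40 +0300] "GET /wp-login.php HTTP/1.1" 301 - "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0"
198.51.100.7 - - [26/Jun/2015:13:47:41 +0300] "GET /-/-/-/-/-/-/-/-/-/- HTTP/1.1" 404 14730 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0"
203.0.113.9 - - [26/Jun/2015:13:48:02 +0300] "GET /blog/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [26/Jun/2015:13:48:30 +0300] "GET /missing-page HTTP/1.1" 404 14730 "-" "Mozilla/5.0 (X11; Linux x86_64)"
'''

# client IP, timestamp, method, path, status, response size ("-" when empty)
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-)')
DASH_PATH = re.compile(r'^(/-)+/?$')   # path made only of "/-" segments
WINDOW = timedelta(seconds=5)          # assumed maximum gap between the two requests

def find_probe_pairs(log_text):
    """Return {ip: bytes_sent} for clients that requested /wp-login.php and
    then a dash-only path answered with 404 within WINDOW."""
    last_login = {}             # ip -> time of its most recent wp-login.php GET
    hits = defaultdict(int)     # ip -> bytes served for the follow-up 404s
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue            # skip malformed lines rather than guessing
        ip, ts, method, path, status, size = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if method == "GET" and path == "/wp-login.php":
            last_login[ip] = when
        elif method == "GET" and status == "404" and DASH_PATH.match(path):
            seen = last_login.pop(ip, None)
            if seen is not None and when - seen <= WINDOW:
                hits[ip] += 0 if size == "-" else int(size)
    return dict(hits)

if __name__ == "__main__":
    for ip, sent in find_probe_pairs(SAMPLE_LOG).items():
        print(f"{ip}\t{sent} bytes served to probe 404s")
```

An ordinary 404 such as the `/missing-page` line is not counted, because only the login request followed by the dash-only path is matched.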

    Thread Starter scieriro

    (@scieriro)

    Request closed.

  • The topic ‘Wp Attack’ is closed to new replies.