Advice From Semalt: Block WP-Login.php Brute Force Attacks With CloudFlare Page Rules
Brute-force attacks are used by cybercriminals to compromise accounts: the attacker tries as many usernames and passwords as possible at a rapid pace. These attacks cause memory spikes and can crash the server when the memory load becomes too high.
Michael Brown, a leading specialist from Semalt, describes practical methods for stopping them here.
Since brute-force attackers must attempt to log in far more rapidly than humans to be effective, rate-limiting rules can be used to block them.
CloudFlare provides some basic protection from bots and DDoS. One of the tools CloudFlare provides is "Protect Your Login", which creates a rule that blocks clients attempting to log in more than 5 times in 5 minutes. This rule is adequate to block bots and attackers attempting brute-force attacks: they cannot reach your WordPress login page (wp-login.php).
The other advantage of using Page Rules is that access by real visitors is not affected. The rate at which an attacker sends requests is far higher than that of a person, so the chance of locking out a legitimate user is minimal unless the user has repeatedly mistyped their credentials.
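The 5-attempts-in-5-minutes threshold described above, applied as a sliding-window counter over access-log lines for wp-login.php. This is an added example, not code from the article or from CloudFlare; the log format, IP addresses (documentation ranges) and timestamps are constructed, and it shows why a person who mistypes a few times passes while a bot is stopped on its sixth request.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
import re

# Combined-log style line: client IP, timestamp, request line (constructed format).
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)')
WINDOW = timedelta(minutes=5)   # the article's 5-minute window
LIMIT = 5                       # attempts allowed in the window; the next one is blocked

def parse(line):
    """Return (ip, timestamp, method, path), or None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts, m["method"], m["path"]

def blocked_clients(lines):
    """Map each client IP to the timestamp of the first wp-login.php POST that
    pushed it past LIMIT attempts inside a sliding WINDOW."""
    recent = defaultdict(deque)   # ip -> timestamps of attempts still inside the window
    blocked = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ip, ts, method, path = rec
        if method != "POST" or not path.startswith("/wp-login.php"):
            continue              # only login submissions count as attempts
        q = recent[ip]
        while q and ts - q[0] > WINDOW:
            q.popleft()           # drop attempts that fell out of the 5-minute window
        q.append(ts)
        if len(q) > LIMIT and ip not in blocked:
            blocked[ip] = ts
    return blocked

def make_lines(ip, start, count, gap_seconds):
    """Construct `count` login POSTs from `ip`, `gap_seconds` apart, starting at `start`."""
    fmt = "%d/%b/%Y:%H:%M:%S %z"
    return [f'{ip} - - [{(start + timedelta(seconds=i * gap_seconds)).strftime(fmt)}] '
            f'"POST /wp-login.php HTTP/1.1" 200 2741'
            for i in range(count)]

# Constructed sample: a person who mistypes three times over two minutes,
# and a bot hammering the login form every 3 seconds.
T0 = datetime(2023, 10, 10, 13, 55, 36, tzinfo=timezone.utc)
SAMPLE_LOG = make_lines("203.0.113.7", T0, 3, 40) + make_lines("198.51.100.9", T0, 12, 3)
```

Calling `blocked_clients(SAMPLE_LOG)` returns only the bot's address, with the timestamp of its sixth request.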
How to Use CloudFlare Page Rules to Block Brute Force Attacks
Brute-force attacks are not specific to WordPress; they can hit any other web app. But since WordPress is such a popular platform, it is definitely one of the most frequently targeted by hackers, and these attacks mainly go after wp-login.php.
What do you do when you are on the receiving end of an attack? The main idea is to create a CloudFlare Page Rule that performs a thorough browser check for the wp-login.php file and weeds out bots and hackers.
After logging into your CloudFlare account, select Page Rules > Create Page Rule. Then configure the following settings:
- Set If the URL matches to the wp-login.php URL (on the target subdomain, if you use subdomains).
- Click + Add a setting and select Browser Integrity Check.
- Add another setting for Security Level and choose I'm Under Attack.
Save these settings and deploy.
With CloudFlare's Page Rules, the security of the login page is strengthened and bad bots are prevented from accessing it. The only disadvantage of this tool is that whenever you clear your browser cache, or whenever the cookies for your site expire, you will have to wait 5 seconds when logging in while the Browser Integrity Check runs.
Page Rules treat everything going to your page as a potential attack. As stated earlier, legitimate visitors aren't affected beyond needing to pass a CloudFlare browser check. There are other methods of blocking brute-force attacks, but the Page Rules method is simple to understand and implement.
Don't wait until your web hosting provider tells you that your resources have been compromised. If your business relies on your servers, don't give brute-force attackers any chance to consume your resources. Page Rules can help you improve user experience, maintain hardened security for your domain, enhance site performance and minimize bandwidth usage.
The number of Page Rules depends on the plan you've chosen. The free plan includes 3 rules, but you can purchase a plan with more rules to fit your security requirements.