git subrepo clone https://leap.se/git/puppet_apache puppet/modules/apache

subrepo:
  subdir:   "puppet/modules/apache"
  merged:   "415e950"
upstream:
  origin:   "https://leap.se/git/puppet_apache"
  branch:   "master"
  commit:   "415e950"
git-subrepo:
  version:  "0.3.0"
  origin:   "https://github.com/ingydotnet/git-subrepo"
  commit:   "1e79595"

Change-Id: Iba7353669969a09c0b4bbd63add67e3245b05ede

1 files changed, 19 insertions, 0 deletions

diff --git a/puppet/modules/apache/templates/vhosts/php_wordpress/partial.erb b/puppet/modules/apache/templates/vhosts/php_wordpress/partial.erb
new file mode 100644
index 00000000..5e6ebd5e
--- /dev/null
+++ b/puppet/modules/apache/templates/vhosts/php_wordpress/partial.erb
@@ -0,0 +1,19 @@
+<%= scope.function_template(['apache/vhosts/php/partial.erb']) %>
+
+  # fixes: http://git.zx2c4.com/w3-total-fail/tree/w3-total-fail.sh
+  <Directory "<%= @documentroot %>/wp-content/w3tc/dbcache">
+    Deny From All
+  </Directory>
+
+  # simple wp-login brute force protection
+  # http://www.frameloss.org/2013/04/26/even-easier-brute-force-login-protection-for-wordpress/
+  RewriteEngine On
+  RewriteCond %{HTTP_COOKIE} !<%= cookie = scope.function_sha1([scope.function_fqdn_rand([9999999999999,@name]).to_s + "cookie"]) %>
+  RewriteRule ^/wp-login.php /wordpress-login-<%= tmpuri = scope.function_sha1([scope.function_fqdn_rand([9999999999999,@name]).to_s + "wp-login"]) %>.php [R,L]
+  <Location /wordpress-login-<%= tmpuri %>.php>
+    CookieTracking on
+    CookieExpires 30
+    CookieName <%= cookie %>
+  </Location>
+  RewriteRule ^/wordpress-login-<%= tmpuri %>.php /wp-login.php [NE]
+