authormh <mh@immerda.ch>2014-04-19 17:23:52 +0200
committermh <mh@immerda.ch>2014-04-19 17:23:52 +0200
commitbec7183cee93188cf7f0f8cda38a620da6ec0f17 (patch)
treee659d20e9c2419771c8683d8306f12a246dd1655 /templates
parentbc953036d453e57383dcd7aad33c203104061ceb (diff)
introduce a simple wp-login brute force protection
Diffstat (limited to 'templates')
-rw-r--r--templates/vhosts/php_wordpress/partial.erb13
1 files changed, 13 insertions, 0 deletions
diff --git a/templates/vhosts/php_wordpress/partial.erb b/templates/vhosts/php_wordpress/partial.erb
index 42f3cb5..1a02d68 100644
--- a/templates/vhosts/php_wordpress/partial.erb
+++ b/templates/vhosts/php_wordpress/partial.erb
@@ -4,3 +4,16 @@
<Directory "<%= @documentroot %>/wp-content/w3tc/dbcache">
Deny From All
</Directory>
+
+ # simple wp-login brute force protection
+ # http://www.frameloss.org/2013/04/26/even-easier-brute-force-login-protection-for-wordpress/
+ RewriteEngine On
+ RewriteCond %{HTTP_COOKIE} !<%= cookie = scope.function_sha1([scope.function_fqdn_rand([9999999999999,@name]).to_s + "cookie"]) %>
+RewriteRule /wp-login.php /wordpress-login-<%= tmpuri = scope.function_sha1([scope.function_fqdn_rand([9999999999999,@name]).to_s + "wp-login"]) %>.php [R,L]
+<Location /wordpress-login-<%= tmpuri %>.php>
+ CookieTracking on
+ CookieExpires 30
+ CookieName <%= cookie %>
+ </Location>
+ RewriteRule /wordpress-login-<%= tmpuri %>.php /wp-login.php [NE]
+
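Review bot: The `RewriteCond %{HTTP_COOKIE} !<hash>` test is an unanchored match on the cookie name alone, and both that name and the temporary login path are derived from `fqdn_rand` seeded with `@name`, so they are fixed per host and are handed to every client by the redirect and the Set-Cookie response. The block therefore only filters clients that do not follow redirects or keep cookies and puts no bound on the number of login attempts, which the comment should state, e.g. `# filters cookie-less bots only; not a rate limit, pair with real login throttling`. The pattern `/wp-login.php` is also unanchored with an unescaped dot, and `RewriteRule ^/wp-login\.php$ ...` would restrict it to the intended path, assuming WordPress is served from the vhost root. `CookieExpires 30` appears to be in seconds, so a login form submitted later than that would presumably be redirected by `[R,L]` and lose its POST body, which is worth confirming. Neither directive group is wrapped in `<IfModule>`, so a host without mod_usertrack or mod_rewrite would likely fail its config test for every WordPress vhost.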