From bec7183cee93188cf7f0f8cda38a620da6ec0f17 Mon Sep 17 00:00:00 2001
From: mh
Date: Sat, 19 Apr 2014 17:23:52 +0200
Subject: introduce a simple wp-login brute force protection
---
 templates/vhosts/php_wordpress/partial.erb | 13 +++++++++++++
 1 file changed, 13 insertions(+)
(limited to 'templates')
diff --git a/templates/vhosts/php_wordpress/partial.erb b/templates/vhosts/php_wordpress/partial.erb
index 42f3cb5..1a02d68 100644
--- a/templates/vhosts/php_wordpress/partial.erb
+++ b/templates/vhosts/php_wordpress/partial.erb
@@ -4,3 +4,16 @@
 /wp-content/w3tc/dbcache">
 Deny From All
+
+ # simple wp-login brute force protection
+ # http://www.frameloss.org/2013/04/26/even-easier-brute-force-login-protection-for-wordpress/
+ RewriteEngine On
+ RewriteCond %{HTTP_COOKIE} !<%= cookie = scope.function_sha1([scope.function_fqdn_rand([9999999999999,@name]).to_s + "cookie"]) %>
+RewriteRule /wp-login.php /wordpress-login-<%= tmpuri = scope.function_sha1([scope.function_fqdn_rand([9999999999999,@name]).to_s + "wp-login"]) %>.php [R,L]
+.php>
+ CookieTracking on
+ CookieExpires 30
+ CookieName <%= cookie %>
+
+ RewriteRule /wordpress-login-<%= tmpuri %>.php /wp-login.php [NE]
+
--
cgit v1.2.3
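Review bot: The cookie name and the login URI built in the two `scope.function_sha1(...)` expressions are not secrets, because `fqdn_rand` is deterministic for a given FQDN and seed, so both hashes are fixed per host and vhost name and are shown to any client that follows the redirect once. The `RewriteCond %{HTTP_COOKIE} !<%= cookie = ... %>` test is also an unanchored match on the whole Cookie header, so it only checks that the string occurs somewhere in it, not that a cookie of that name was issued; with the assignment moved to its own `<% cookie = ... -%>` line, `RewriteCond %{HTTP_COOKIE} !(^|;\s*)<%= cookie %>=` would be tighter. As written the block filters clients that ignore redirects and cookies and does not limit login attempts, so the comment should say so, e.g. `# filters cookie-less bots only; not a rate limit, pair with fail2ban or a login throttle`. The directives around these lines are not fully visible on this page, so whether mod_rewrite and mod_usertrack are guarded by `<IfModule>` cannot be checked from here.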