WordPress Login Protection with ModSecurity


Warning: file(http://svn.wp-plugins.org/devformatter/branches/langs/text.php): failed to open stream: HTTP request failed! HTTP/1.1 403 Forbidden in /www/wwwroot/cefhost_cn/blog/wp-content/plugins/devformatter/devgeshi.php on line 100

Warning: implode(): Invalid arguments passed in /www/wwwroot/cefhost_cn/blog/wp-content/plugins/devformatter/devgeshi.php on line 100

Warning: file(http://svn.wp-plugins.org/devformatter/branches/langs/text.php): failed to open stream: HTTP request failed! HTTP/1.1 403 Forbidden in /www/wwwroot/cefhost_cn/blog/wp-content/plugins/devformatter/devgeshi.php on line 100

Warning: implode(): Invalid arguments passed in /www/wwwroot/cefhost_cn/blog/wp-content/plugins/devformatter/devgeshi.php on line 100

Warning: file(http://svn.wp-plugins.org/devformatter/branches/langs/text.php): failed to open stream: HTTP request failed! HTTP/1.1 403 Forbidden in /www/wwwroot/cefhost_cn/blog/wp-content/plugins/devformatter/devgeshi.php on line 100

Warning: implode(): Invalid arguments passed in /www/wwwroot/cefhost_cn/blog/wp-content/plugins/devformatter/devgeshi.php on line 100

 text |  copy code |? 
01
SecAction phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR},initcol:user=%{REMOTE_ADDR},id:5000134
02

03
    # Setup brute force detection.
04
05
    # React if block flag has been set.
06
    SecRule user:bf_block "@gt 0" "deny,status:401,log,id:5000135,msg:'ip address blocked for 5 minutes, more than 10 login attempts in 3 minutes.'"
07
08
    # Setup Tracking.  On a successful login, a 302 redirect is performed, a 200 indicates login failed.
09
    SecRule RESPONSE_STATUS "^302" "phase:5,t:none,nolog,pass,setvar:ip.bf_counter=0,id:5000136"
10
    SecRule RESPONSE_STATUS "^200" "phase:5,chain,t:none,nolog,pass,setvar:ip.bf_counter=+1,deprecatevar:ip.bf_counter=1/180,id:5000137"
11
    SecRule ip:bf_counter "@gt 10" "t:none,setvar:user.bf_block=1,expirevar:user.bf_block=300,setvar:ip.bf_counter=0"
12