Securing wp-login.php against unauthorized access

An attack targeting WordPress blog scripts is currently under way, aimed at gaining login access. To prevent unwanted consequences, secure wp-login.php using one of the methods below:

1. Install a CAPTCHA plugin and enable it for all access to your WordPress login
2. Password-protect the wp-login.php file as follows:

  1. create a file named .wpadmin and save it at /home/user/.wpadmin (note: user here is the username of your cPanel account),
  2. generate a username and an encrypted password at http://www.htaccesstools.com/htpasswd-generator (note: this username is for access to the wp-login.php file, not for the WordPress admin or the cPanel account),
  3. copy the username and encrypted password produced in step 2 (for example john:n5MfEoHOIQkKg) into the file /home/user/.wpadmin,
  4. open the file /home/user/.htaccess and paste in the following lines:

    ErrorDocument 401 "Unauthorized Access"
    ErrorDocument 403 "Forbidden"
    <FilesMatch "wp-login.php">
    AuthName "Authorized Only"
    AuthType Basic
    AuthUserFile /home/user/.wpadmin
    require valid-user
    </FilesMatch>


Find IPs that have attacked wp-login

This shell command can be used on cPanel servers and does the following:
– Scans all access log files for IP addresses which sent a POST request to all wp-login.php files on all domains/subdomains/addon domains on the server during the last 24 hours
– It groups and sorts all the IP addresses, based on the number of POST requests they sent

So if you see that an IP address has sent an abnormal number of POST requests to wp-login.php files, you can ban it from your firewall. From our experience and stats, a normal number of POST requests to wp-login.php files from a single IP address is 4-5 per day. Anything above 15 is suspicious.

grep -R "wp-login.php" /usr/local/apache/domlogs/* | grep "POST" | awk -F: '{ print $2 }' | awk '{print $1}' | sort | uniq -c | sort -n
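
A stricter version of the same count, as an added example that is not part of the original post: it matches on the request method and path fields rather than on substrings, so a GET whose user agent or referrer contains "POST" is not counted and IPv6 client addresses are not cut at the first colon. It assumes the Apache combined log format; the function names, sample log lines and addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes combined log format:
#   $1 = client IP, $6 = "METHOD (with leading quote), $7 = request path.

# flag_wp_login_posts [threshold] < access-log-lines
# Prints "count ip" for every IP with more than <threshold> POSTs to
# wp-login.php, highest count first. Default threshold is 15, the value
# the text above treats as the start of suspicious.
flag_wp_login_posts() {
    threshold="${1:-15}"
    awk -v t="$threshold" '
        # Match the method and path fields exactly, not anywhere in the line.
        $6 == "\"POST" && $7 ~ /(^|\/)wp-login\.php(\?|$)/ { hits[$1]++ }
        END { for (ip in hits) if (hits[ip] > t) print hits[ip], ip }
    ' | sort -rn
}

# emit_posts <ip> <count>: constructed sample log lines for the demo.
emit_posts() {
    i=0
    while [ "$i" -lt "$2" ]; do
        echo "$1 - - [10/Oct/2023:13:55:36 +0000] \"POST /wp-login.php HTTP/1.1\" 200 1234 \"-\" \"Mozilla/5.0\""
        i=$((i + 1))
    done
}

# sample_log: constructed input covering the cases that matter.
sample_log() {
    emit_posts 203.0.113.7 20      # well above the threshold
    emit_posts 198.51.100.9 4      # normal daily volume
    emit_posts 2001:db8::5 16      # IPv6 client, just above the threshold
    # GET request whose user agent contains "POST": must not be counted.
    i=0
    while [ "$i" -lt 30 ]; do
        echo '192.0.2.44 - - [10/Oct/2023:14:01:02 +0000] "GET /wp-login.php HTTP/1.1" 200 1234 "-" "POSTman-like client"'
        i=$((i + 1))
    done
}

# Demo run on the constructed data. On a cPanel server the input would be the
# domlogs instead, e.g.:
#   find /usr/local/apache/domlogs -type f -exec cat {} + | flag_wp_login_posts 15
sample_log | flag_wp_login_posts 15
```
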

Find which tables use INNODB

The SQL to do this queries the INFORMATION_SCHEMA and is as follows:

SELECT table_schema, table_name
FROM INFORMATION_SCHEMA.TABLES
WHERE engine = 'innodb';

where:
table_schema is the name of the database.
table_name is (obviously) the name of the table.