Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
|
litespeed_wiki:config:web-application-protection [2017/11/28 20:38] Johathan Kagan [How Brute Force Protection works] |
litespeed_wiki:config:web-application-protection [2017/11/28 20:46] (current) Johathan Kagan [WordPress 'brute force attack protection built in to LSWS] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== WordPress 'brute force attack protection built in to LSWS ====== | ====== WordPress 'brute force attack protection built in to LSWS ====== | ||
| - | A ‘brute force’ login attack is a type of attack against a website to gain access to the site by guessing the username and password, over and over again. WordPress is the most popular CMS and therefore it’s a frequent target of these type of attacks. ''wp-login.php'' and ''xmlrpc.php'' pages are the most common target from brute force attack by POST method. WordPress doesn’t have any built in feature to prevent these types of attacks, hence you may need to find some third-party solutions. | + | A ‘brute force’ login attack is a type of attack against a website to gain access to the site by guessing the username and password, over and over again. WordPress is the most popular CMS and therefore it’s a frequent target of these type of attacks. ''wp-login.php'' and ''xmlrpc.php'' pages are the most common target from brute force attack by POST method. WordPress doesn’t have any built in protection to prevent these types of attacks, hence you may need to find some third-party solutions. |
| - | Since 5.2.3, LSWS build-in wordpress brute force attack protection is introduced and it will well protect your shared hosting WordPress environment from large-scale DDoS attack, which may even bring down your server. | + | Starting with version 5.2.3 of LSWS, LSWS has a built-in WordPress brute force attack protection system. It will protect shared hosting WordPress environments from large-scale DDoS attacks, which may bring down entire servers. |
| ===== How Brute Force Protection works ===== | ===== How Brute Force Protection works ===== | ||
| Line 85: | Line 85: | ||
| ===== Real Testing===== | ===== Real Testing===== | ||
| - | Test 10 limit with brute access script. We can see time increasing from Round 6 and finally got connection error on Round 11. | + | This test was conducted with ''WordPressProtect'' set to ''10''. We can see the time start to increase at Round 6 and finally get a connection error at Round 11. |
| <code> | <code> | ||
| Round: 1 Fail 0.626 | Round: 1 Fail 0.626 | ||