You are currently browsing the archives for December, 2017.

WordPress Brute Force Attacks on non-WordPress Sites

December 1, 2017 // Posted in Computer Tips, General, Main, Tips and Tricks (Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , ) |  No Comments

There are more and more would-be hackers out there that are trying to attack WordPress Sites via a brute force attack on the wp-login.php file that is used on worpress sites to log in to the site.

The problem is that they do not know what are WordPress Sites and what are not so they try connecting to a wp-login.php file on almost every site. This can lead to hundreds of attempts on your non-wordpress by these hackers trying to find a wp-login.php file on your server. Check your server log and you will see all these attempts.

Now if as many people as possible added a wp-login.php to their non-wordpress site re-directing any call to that page back to the IP address that attempted to find it, then these idiots would perform a DOS attack on their own PC,
and stop them sending any more requests.

Here’s how to do it:

Create a file called wp-login.php in your non-wordpress site’s root folder with the following text in it (Your server must be php enabled):

 

 

 

 

Let’s hit back at these idiots together.
Steve

%d bloggers like this: