WordPress Brute Force Attacks on non-WordPress Sites

December 1, 2017 // Posted in Computer Tips, General, Main, Tips and Tricks  

There are more and more would-be hackers out there that are trying to attack WordPress Sites via a brute force attack on the wp-login.php file that is used on worpress sites to log in to the site.

The problem is that they do not know what are WordPress Sites and what are not so they try connecting to a wp-login.php file on almost every site. This can lead to hundreds of attempts on your non-wordpress by these hackers trying to find a wp-login.php file on your server. Check your server log and you will see all these attempts.

Now if as many people as possible added a wp-login.php to their non-wordpress site re-directing any call to that page back to the IP address that attempted to find it, then these idiots would perform a DOS attack on their own PC,
and stop them sending any more requests.

Here’s how to do it:

Create a file called wp-login.php in your non-wordpress site’s root folder with the following text in it (Your server must be php enabled):

 

 

 

 

Let’s hit back at these idiots together.
Steve

This entry was posted on December 1, 2017 at 5:14 pm and is filed under Computer Tips, General, Main, Tips and Tricks (Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , ). You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply (name & email required)

%d bloggers like this: