Bruteforce

How to block brute force attacks against your wordpress and live happy

3 minute read Published:

Some time ago i installed on my wordpress a wonderful plugin to help me secure this (and others) blog. it’s named Sucuri Security and it’s from sucuri.net. it scans your wordpress for the most common mistakes and add some interesting features. One of these features it’s the capability of trace failed logins and save them in a log file in JSON format like: {"user_login":"admin","user_password":"","attempt_time":1422522535,"remote_addr":"91.121.48.49","user_agent":false} This made me think of a possible way to exploit this information to temporary block the ip of the attacker so i made a simple script to “abuse” their log and ended up with a simple script in python.