Bot login attempts for my wordpress sites have increased after moving to linode
So i moved my wordpress sites from Resellerclub shared hosting to linode this week. After moving them, I'm seeing an increase from 4 bot attacks a day to 780. My login limiter plugin stops the bot. However, I wanted to know what resellerclub was doing that prevented the attacks and what I should implement in my linode to do the same.
I am running $12 shared CPU linode server running a few wordpress sites using hestiacp on debian 12. My DNS is managed by cloudflare and currently attack mode is on. Attacks have reduced to 375.
my site is oakarborconsulting.com
Any help is appreciated.
2 Replies
CassandraD
Linode Staff
✓ Best Answer
While we have some documentation available about using Fail2Ban for SSH Brute Force protection, and your server comes with DDoS Protection, I wasn't able to find anything on our site specific to Wordpress login attacks.
One of my teammates shared a blog post from WP Beginner that addresses some ways to protect your Wordpress site specifically:
This provides a few suggestions, but most seem dedicated to stopping successful login attempts and rather than preventing attacks. I found a suggestion on another site of hiding your login page by renaming it or using a plugin, which may prevent some of the attacks.
I know you mentioned using a plugin that was helping. Just to be thorough, I looked into this avenue as well, and I found a few suggestions for plugins that you compare to what you're using to see if any might be a better fit. It's possible they may go about stopping attacks differently and limit the number of attacks you're seeing. I'll link to those here:
Finally, if you analyze your traffic and or check any relevant logs and find that your server is being attacked by the same IPs, you can look into using an internal firewall or our Cloud Firewall to block that traffic.
