Roni Rolle Laukkarinen
@rolle@mementomori.social  ·  activity timestamp 21 hours ago

A really interesting lightning talk about attacks on WordPress. This is something I've been working to mitigate lately by building my own monitoring. Cloudflare, automatic access.log monitoring, and fail2ban are your friends. She paints a bigger picture in her talk.
https://wpsuomi.fi/schedule/war-on-wordpress-part-2/

#WPSuomi #wpfi

Lisa-Marie Karvonen talking about attacks on WordPress at WP Suomi auditorium at Haaga Helia University
Eva Mikkonen
@evamik@uwu.mikkonen.com replied  ·  activity timestamp 19 hours ago

@rolle Been doing similar hardening, syslog is also a friend if certain WP endpoints like login must be exposed in public, and using syslogged breach attempts to talk with CF firewall endpoints to block offenders before they reach origin servers on some customer projects

Roni Rolle Laukkarinen
@rolle@mementomori.social replied  ·  activity timestamp 19 hours ago

@evamik wp-login ratelimiting should be the default everywhere. Seeing so many brute force / dictionary attacks every day.
