If you are getting flooded with WordPress login attempts by a suspected hacker, you can add the following rule to ModSecurity in /usr/local/apache/conf/modsec2.user.conf.
This rule blocks any POST request to wp-login.php that does not contain a referer:
#Block wp-login.php with no referer
<LocationMatch "/wp-login.php">
SecRule REQUEST_METHOD "POST" "deny,status:401,id:5000130,chain,msg:'wp-login request blocked, no referer'"
SecRule &HTTP_REFERER "@eq 0"
</LocationMatch>
You may also need to block access to the xmlrpc.php file, as it is often used in denial of service attacks.
#Block xmlrpc with no referring URL
<LocationMatch "/xmlrpc.php">
SecRule REQUEST_METHOD "POST" "deny,status:401,id:5000140,chain,msg:'xmlrpc request blocked, no referer'"
SecRule &HTTP_REFERER "@eq 0"
</LocationMatch>
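Before enabling the rules, it helps to measure how much of the traffic they would actually catch. The script below is an added example, not part of the original post: it reads Apache combined-format access log lines and counts, per client IP, the POSTs to wp-login.php and xmlrpc.php that the two rules would deny (no referer) and those they would not match (referer present). The log lines, IP addresses and the function name classify are constructed for illustration.

```python
import re
from collections import Counter

# Apache "combined" format: IP, identity, user, [time], "request", status, size, "referer", "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)
# The same two endpoints the LocationMatch blocks cover.
TARGET_RE = re.compile(r'/(wp-login|xmlrpc)\.php(\?|$)')

def classify(lines):
    """Return (denied, unmatched) Counters keyed by (client IP, endpoint)."""
    denied, unmatched = Counter(), Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # the rules only look at POST requests
        target = TARGET_RE.search(m["path"])
        if not target:
            continue
        key = (m["ip"], target.group(1) + ".php")
        # Apache logs an absent Referer header as "-"; that is the
        # case the chained rule (&HTTP_REFERER "@eq 0") matches.
        if m["referer"] == "-":
            denied[key] += 1
        else:
            unmatched[key] += 1
    return denied, unmatched

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = '''\
203.0.113.7 - - [10/Mar/2024:04:12:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3520 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:04:12:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3520 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:04:12:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2024:04:13:05 +0000] "GET /wp-login.php HTTP/1.1" 200 2890 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2024:04:13:10 +0000] "POST /wp-login.php HTTP/1.1" 302 - "https://example.com/wp-login.php" "Mozilla/5.0"
'''.splitlines()

if __name__ == "__main__":
    denied, unmatched = classify(SAMPLE_LOG)
    for (ip, endpoint), n in denied.most_common():
        print(f"would deny   {n:4d}  {ip}  {endpoint}")
    for (ip, endpoint), n in unmatched.most_common():
        print(f"not matched  {n:4d}  {ip}  {endpoint}")
```

To run it against a real log, pass the open file object to classify in place of SAMPLE_LOG.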