February, 2014 – Graham Miln

Every 30 Seconds

For the last few days this site (The Work Life, https://stories.miln.eu/) has been undergoing a persistent attack. Every 30 seconds an attempt was being made on our WordPress administration page. The attack made no impact on the site but did show up in our log files as an anomaly.

Yesterday I added a simple but effective second layer of protection to our site: HTTP authentication (RFC 2617) in front of our login page.

Within minutes the attack stopped and has not returned.

If the attempts are no problem, why add the complexity of a second layer – and second set of credentials?

Every request for our administration page took time and resources to serve. Those resources are limited and count against our monthly allowances. By adding an immediate authentication requirement, malicious connections are limited both in the harm they can do and in the resources needed to serve the initial request.

There are numerous approaches to adding additional security to WordPress. I was greatly tempted by fail2ban but could not justify the time to set up and test it. In the end a fairly trivial edit to .htaccess was all that was needed.
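The kind of .htaccess edit described above, as an added example rather than the actual configuration used on this site. It assumes the WordPress login script is wp-login.php at the site root and that the password file lives at an assumed path outside the web root; both the path and the realm name are placeholders to adjust.

```apache
# Added example: require HTTP Basic authentication for the WordPress
# login script before PHP is invoked, so a bot's request is rejected
# with 401 at the web-server layer. Paths and realm are assumptions.
<Files "wp-login.php">
    AuthType Basic
    AuthName "Site administration"
    # Password file kept outside the document root (assumed path)
    AuthUserFile "/var/www/private/.htpasswd"
    Require valid-user
</Files>
```

The password file is created once with the Apache `htpasswd` tool (for example `htpasswd -c /var/www/private/.htpasswd adminuser`, prompting for the password). Because Basic authentication only base64-encodes the credentials, this belongs on a site served over HTTPS, as this one is. A useful side effect for monitoring: the automated attempts now appear in the access log as 401 responses against wp-login.php, which is a much cheaper and more obvious signal than a full PHP-rendered login page.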