I’ve setup plugins on Wordpress to ban IPs, move the wp-login.php / wp-admin to another location (gives a 404 when trying the default), etc. This really helps protect the site itself, but with all the continuous request, even getting a 404 page, adds unneeded load on the server.
This is the most common line I could search for and block the IP:
188.8.131.52 - - [16/Oct/2014:09:36:24 -0400] “POST /wp-login.php HTTP/1.0” 404 25029 “-” “-”
I know because InterWorx stores each sites log I would have to setup a custom rule for each site I wanted to check for this, but the rule should just be repeated for each site just changing the path…so shouldn’t be too big of a deal.
Maybe in the future I can figure out a better, but this would be great to get setup on a few sites that are always causing issues.
I’m just having a hard time finding a tutorial that really explains how the rules are matching a flag and pulling and IP out. If someone could point me in the right direction there that would be most helpful!