ModSecurity rules for Wordpress running on IIS server for blocking multiple login tries (unable to use Locationmatch)

by GrZeCh   Last Updated September 12, 2019 13:00 PM - source

has someone tried to run ModSecurity on IIS server and block login attempts to wp-login.php (xmlrpc.php too) after X tries in some period of time (or without any period of time but after Z seconds substract -1 from tries number), then block IP for Y number of seconds?

Every example I could find (like this one: https://blog.tomsdomain.co.uk/2018/11/20/wordpress-hardening/) is using "Locationmatch" tag which is not available on IIS.

Thank you



Related Questions



How to secure a 'public' sftp?

Updated April 16, 2016 09:00 AM

Security advantages of a SSH jumphost / jumpserver

Updated August 07, 2017 12:00 PM