Russian hackers

In the past 8 hours one of my sites is under attack by Russian hackers, I see over 200 Russian IP addresses being locked out by Wordfence plugin. This is an academic blog that has absolutely nothing to do with Russia, so I am unsure why it became a target... It is on shared hosting rather then VPS, is there any way to block traffic from Russia, Ukraine, Belarus, Kazahstan, etc. using .htaccess? In fact, 95% of relevant traffic for this blog is coming from USA, Canada, UK, India, and Australia, so it would be nice to limit it only to these 5 countries... I know that it is possible with iptables on VPS, but never seen it done with .htaccess. Listing IP blocks per country will make it really slow... Any creative ideas?

 

Apparently, we've become victims of some kind of Russian hacking contest: they pick a site and whoever breaks in first gets the bragging rights :-(

 

1. Rename the login pages. 2. If still the attack continues contact your hosting provider to enable some firewall or go offline for some hours.
3. Let the traffic pass via Cloudflare.

 

Thanks a lot.
Re #1: You mean to rename wp-login.php to something else, correct?
Re #2: Called hosting provider (JustHost), they suggested not to worry as their firewall detects these, but Wordfence blocks out IPs before their firewall can react. I am actually quite impressed with their hosting, with 450 blocked IPs (during the 9.5 hours the site is under attack) the site was down only once for 8 minutes.
Re #3: Yes, I should try this if attack doesn't stop.

 

Yes, please rename the wp-login and wp admin login pages and if justhost promises it you should still not trust it. Just make a offline backup to be secure

 

Thanks again. Is "wp admin login pages" are admin.php and index.php in wp-admin folder?
Re backup: I already have full offline backup of the site.

 

Thanks +Zoti Media Group, you get the best answer. After renaming wp-login all attacks stopped.

 

Great, the problem is solved. Congratulations Jeffr

 

I would also suggest Hiding you're Ip address also Use Hide My Ass I would move you're hosting to a VPS & let your hosting company Filter any attacks. Good Luck

 

You should protect wp-login.php with a good htaccess password.

 

You can change default service urls via .htaccess.
For example:

# BEGIN Hide console URL
<IfModulemod_rewrite.c>
RewriteEngineOn

RewriteRule^custom_admin_url/?$/wp-login.php?your_secret_key[R,L]

RewriteCond%{HTTP_COOKIE}!^.*wordpress_logged_in_.*$
RewriteRule^custom_admin_url/?$/wp-login.php?your_secret_key&redirect_to=/wp-admin/[R,L]

RewriteRule^custom_admin_url/?$/wp-admin/?your_secret_key[R,L]

RewriteCond%{SCRIPT_FILENAME}!^(.*)admin-ajax\.php
RewriteCond%{HTTP_REFERER}!^(.*)yoursite.c.o.m/wp-admin
RewriteCond%{HTTP_REFERER}!^(.*)yoursite.c.o.m/wp-login\.php
RewriteCond%{HTTP_REFERER}!^(.*)yoursite.c.o.m/custom_admin_url
RewriteCond%{QUERY_STRING}!^your_secret_key
RewriteCond%{QUERY_STRING}!^action=logout
RewriteCond%{QUERY_STRING}!^action=rp
RewriteCond%{QUERY_STRING}!^action=postpass
RewriteCond%{HTTP_COOKIE}!^.*wordpress_logged_in_.*$
RewriteRule^.*wp-admin/?|^.*wp-login\.php/not_found[R,L]

RewriteCond%{QUERY_STRING}^loggedout=true
RewriteRule^.*$/wp-login.php?your_secret_key[R,L]
</IfModule>
# END Hide console URL

Code (markup):

Where
custom_admin_url - new admin panel url
yoursite.c.o.m - your site domain (without http)
your_secret_key - secret key (like password, "sd782kjds")

After applying all changes the new admin panel url will be "yoursite.c.o.m/custom_admin_url"

 

Congrats if your problem has been solved. I would suggest to rename the login page also.