Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
|
litespeed_wiki:config:wordpress-protection [2019/02/14 18:55] Jackson Zhang [Set "Trusted <ip>" in .htaccess to bypass the block] |
litespeed_wiki:config:wordpress-protection [2019/04/30 20:28] Lisa Clarke [WordPress Protection Block Never Seems to Expire] Proofreading |
||
|---|---|---|---|
| Line 208: | Line 208: | ||
| The explanation: WP protection blocking is only removed if the IP stops access attempts for a full 10 minutes. If the visitor constantly hits the server, the blocking won't be lifted. Restarting the web server will remove all IP blocks immediately. | The explanation: WP protection blocking is only removed if the IP stops access attempts for a full 10 minutes. If the visitor constantly hits the server, the blocking won't be lifted. Restarting the web server will remove all IP blocks immediately. | ||
| + | The bot-detection ''bot detected'' or ''WordPressBruteForce'' only log when a ''drop'' action is set. There won't be log entries for the ''deny'' and ''throttle'' actions. It is designed this way because ''drop'' is a more serious action, which blocks further requests from that IP (treated as unwanted botnet) and the log is for robot detection. | ||
| + | |||
| + | 2018-11-06 15:41:30.862784 [NOTICE] [24.96.xxx.xxx] bot detected for vhost [APVH_kevinandamanda.com], reason: WordPressBruteForce, close connection! | ||
| + | | ||
| + | Bot detection is one-time logging, while ''deny'' and ''throttle'' are per request, and it could become annoying with many repeated log messages. | ||