Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | Next revision Both sides next revision | ||
|
litespeed_wiki:config:wordpress-protection [2019/02/14 18:55] Jackson Zhang [Set "Trusted <ip>" in .htaccess to bypass the block] |
litespeed_wiki:config:wordpress-protection [2019/04/30 18:03] Jackson Zhang [WordPress Protection Block Never Seems to Expire] |
||
|---|---|---|---|
| Line 208: | Line 208: | ||
| The explanation: WP protection blocking is only removed if the IP stops access attempts for a full 10 minutes. If the visitor constantly hits the server, the blocking won't be lifted. Restarting the web server will remove all IP blocks immediately. | The explanation: WP protection blocking is only removed if the IP stops access attempts for a full 10 minutes. If the visitor constantly hits the server, the blocking won't be lifted. Restarting the web server will remove all IP blocks immediately. | ||
| + | The bot-detection ''bot detected'' or ''WordPressBruteForce'' only log when ''drop'' action is set, but there won't be such log entries for ''deny'' and ''throttle'' action. It is as designed since ''drop'' is a more serious action, which block further requests from that IP (treated as unwanted botnet) and the log is for robot detection. | ||
| + | 2018-11-06 15:41:30.862784 [NOTICE] [24.96.xxx.xxx] bot detected for vhost [APVH_kevinandamanda.com], reason: WordPressBruteForce, close connection! | ||
| + | | ||
| + | Bot detection is one time logging, while, ''deny'' and ''throttle'' are per request, and it could become annoying with many repeated log messages. | ||