Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
litespeed_wiki:lslb:wordpress-protection [2017/12/21 21:33] Eric Leu [How to Enable LSWS WordPressProtect Feature from web console] |
litespeed_wiki:lslb:wordpress-protection [2017/12/22 13:56] Eric Leu [How to Enable LSADC WordPressProtect Feature from web console] |
||
---|---|---|---|
Line 7: | Line 7: | ||
The newly introduced WordPress Protection directive is: ''[Throttle, Deny, Drop, Disable ]'' \\ | The newly introduced WordPress Protection directive is: ''[Throttle, Deny, Drop, Disable ]'' \\ | ||
- | The action is optional, and defaults to ''throttle''. The ''Allowed Login Attempts'' can be set as value of (0|1|5-1000) \\ | + | The action is optional, and defaults to ''Disable''. The ''Allowed Login Attempts'' can be set as value of (0|1|5-1000) \\ |
* ''0'' disables WordPress Protection. | * ''0'' disables WordPress Protection. | ||
* ''1'', when used by a virtual host, defers to the setting used by the server. | * ''1'', when used by a virtual host, defers to the setting used by the server. | ||
- | * ''5''-''1000'' enables WordPress protection and also specifies the login limit. (Values lower than ''5'' will be treated as ''5'', and values higher than ''1000'' will be treated as ''1000'') \\ | + | * ''5''-''1000'' enables WordPress protection and also specifies the login value. (Values lower than ''5'' will be treated as ''5'', and values higher than ''1000'' will be treated as ''1000'') \\ |
The ''Allowed Login Attempts'' value specifies the maximum number of ''wp-login.php'' and ''xmlrpc.php'' login attempts allowed within 5 minutes before the IP is blocked. | The ''Allowed Login Attempts'' value specifies the maximum number of ''wp-login.php'' and ''xmlrpc.php'' login attempts allowed within 5 minutes before the IP is blocked. | ||
This ''Allowed Login Attempts'' is handled using a quota system that works as follows: | This ''Allowed Login Attempts'' is handled using a quota system that works as follows: | ||
- | * The quota starts at the specified limit value. | + | * The quota starts at the specified Allowed Login Attempts value. |
* Each POST attempt decreases the quota by 1 | * Each POST attempt decreases the quota by 1 | ||
- | * Once the quota reaches half of the limit, the IP will be throttled, slowing more as the quota drops further. | + | * Once the quota reaches half of the value, the IP will be throttled, slowing more as the quota drops further. |
* When the quota reaches 0, the desired action (drop, deny, or throttle) is taken. | * When the quota reaches 0, the desired action (drop, deny, or throttle) is taken. | ||
* Over the course of 5 minutes without further POST attempts, the quota gradually increases back to the set ''Allowed Login Attempts''. | * Over the course of 5 minutes without further POST attempts, the quota gradually increases back to the set ''Allowed Login Attempts''. | ||
- | * Restarting LSWS will reset the quota back to the specified limit value. | + | * Restarting LSADC will reset the quota back to the specified value. |
==== Examples ==== | ==== Examples ==== | ||
Line 27: | Line 27: | ||
* When there are more than 5 attempts within a short period of time, the IP will be throttled. | * When there are more than 5 attempts within a short period of time, the IP will be throttled. | ||
* Once the quota reaches 0, the desired action (drop, deny, or throttle) will be taken. | * Once the quota reaches 0, the desired action (drop, deny, or throttle) will be taken. | ||
- | * Every 30 seconds (5 minutes divided by the limit = 30 seconds), if there are no further POST attempts, the quota will increase by 1. | + | * Every 30 seconds (5 minutes divided by the value = 30 seconds), if there are no further POST attempts, the quota will increase by 1. |
- | * Assume the limit is set to ''300''. | + | * Assume the value is set to ''300''. |
* When there are more than 150 attempts within a short period of time, the IP will be throttled. | * When there are more than 150 attempts within a short period of time, the IP will be throttled. | ||
* Once the quota reaches 0, the desired action (drop, deny, or throttle) will be taken. | * Once the quota reaches 0, the desired action (drop, deny, or throttle) will be taken. | ||
- | * After 1 second (5 minutes divided by the limit = 1 second) without further POST attempts, the quota will increase by 1. | + | * After 1 second (5 minutes divided by the value = 1 second) without further POST attempts, the quota will increase by 1. |
- | ===== How to Enable LSWS WordPressProtect Feature from web console ===== | + | ===== How to Enable LSADC WordPressProtect Feature from web console ===== |
- | The LSWS WordPressProtect feature is Disabled by default. | + | The LSADC WordPressProtect feature is Disabled by default. |
You may wish to override the default settings at the server level, virtual-host level. Before making any changes, it helps to understand the logic that drives WordPressProtect at the different levels. | You may wish to override the default settings at the server level, virtual-host level. Before making any changes, it helps to understand the logic that drives WordPressProtect at the different levels. | ||
Changing the settings at the Virtual-Host level configuration will override the Server-Level configuration. | Changing the settings at the Virtual-Host level configuration will override the Server-Level configuration. | ||
- | + | * Server Level \\ {{:litespeed_wiki:lslb:adczconf-1.png?700|}} | |
- | {{:litespeed_wiki:lslb:adczconf-1.png?|}} | + | * Virtual Host Level \\ {{:litespeed_wiki:lslb:adczconf-2.png?700|}} |