Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
|
litespeed_wiki:lslb:wordpress-protection [2017/12/21 21:33] Eric Leu [How to Enable LSWS WordPressProtect Feature from web console] |
litespeed_wiki:lslb:wordpress-protection [2017/12/22 14:10] Lisa Clarke |
||
|---|---|---|---|
| Line 7: | Line 7: | ||
| The newly introduced WordPress Protection directive is: ''[Throttle, Deny, Drop, Disable ]'' \\ | The newly introduced WordPress Protection directive is: ''[Throttle, Deny, Drop, Disable ]'' \\ | ||
| - | The action is optional, and defaults to ''throttle''. The ''Allowed Login Attempts'' can be set as value of (0|1|5-1000) \\ | + | The action is optional, and defaults to ''Disable''. The ''Allowed Login Attempts'' can be set as value of (0|1|5-1000) \\ |
| * ''0'' disables WordPress Protection. | * ''0'' disables WordPress Protection. | ||
| * ''1'', when used by a virtual host, defers to the setting used by the server. | * ''1'', when used by a virtual host, defers to the setting used by the server. | ||
| - | * ''5''-''1000'' enables WordPress protection and also specifies the login limit. (Values lower than ''5'' will be treated as ''5'', and values higher than ''1000'' will be treated as ''1000'') \\ | + | * ''5''-''1000'' enables WordPress protection and also specifies the login value. (Values lower than ''5'' will be treated as ''5'', and values higher than ''1000'' will be treated as ''1000'') \\ |
| The ''Allowed Login Attempts'' value specifies the maximum number of ''wp-login.php'' and ''xmlrpc.php'' login attempts allowed within 5 minutes before the IP is blocked. | The ''Allowed Login Attempts'' value specifies the maximum number of ''wp-login.php'' and ''xmlrpc.php'' login attempts allowed within 5 minutes before the IP is blocked. | ||
| This ''Allowed Login Attempts'' is handled using a quota system that works as follows: | This ''Allowed Login Attempts'' is handled using a quota system that works as follows: | ||
| - | * The quota starts at the specified limit value. | + | * The quota starts at the specified Allowed Login Attempts value. |
| * Each POST attempt decreases the quota by 1 | * Each POST attempt decreases the quota by 1 | ||
| - | * Once the quota reaches half of the limit, the IP will be throttled, slowing more as the quota drops further. | + | * Once the quota reaches half of the value, the IP will be throttled, slowing more as the quota drops further. |
| * When the quota reaches 0, the desired action (drop, deny, or throttle) is taken. | * When the quota reaches 0, the desired action (drop, deny, or throttle) is taken. | ||
| * Over the course of 5 minutes without further POST attempts, the quota gradually increases back to the set ''Allowed Login Attempts''. | * Over the course of 5 minutes without further POST attempts, the quota gradually increases back to the set ''Allowed Login Attempts''. | ||
| - | * Restarting LSWS will reset the quota back to the specified limit value. | + | * Restarting LSADC will reset the quota back to the specified value. |
| ==== Examples ==== | ==== Examples ==== | ||
| Line 27: | Line 27: | ||
| * When there are more than 5 attempts within a short period of time, the IP will be throttled. | * When there are more than 5 attempts within a short period of time, the IP will be throttled. | ||
| * Once the quota reaches 0, the desired action (drop, deny, or throttle) will be taken. | * Once the quota reaches 0, the desired action (drop, deny, or throttle) will be taken. | ||
| - | * Every 30 seconds (5 minutes divided by the limit = 30 seconds), if there are no further POST attempts, the quota will increase by 1. | + | * Every 30 seconds (5 minutes divided by the value = 30 seconds), if there are no further POST attempts, the quota will increase by 1. |
| - | * Assume the limit is set to ''300''. | + | * Assume the value is set to ''300''. |
| * When there are more than 150 attempts within a short period of time, the IP will be throttled. | * When there are more than 150 attempts within a short period of time, the IP will be throttled. | ||
| * Once the quota reaches 0, the desired action (drop, deny, or throttle) will be taken. | * Once the quota reaches 0, the desired action (drop, deny, or throttle) will be taken. | ||
| - | * After 1 second (5 minutes divided by the limit = 1 second) without further POST attempts, the quota will increase by 1. | + | * After 1 second (5 minutes divided by the value = 1 second) without further POST attempts, the quota will increase by 1. |
| - | ===== How to Enable LSWS WordPressProtect Feature from web console ===== | + | ===== How to Enable LSADC WordPressProtect Feature from Web Console ===== |
| - | The LSWS WordPressProtect feature is Disabled by default. | + | The LSADC WordPressProtect feature is disabled by default. |
| - | You may wish to override the default settings at the server level, virtual-host level. Before making any changes, it helps to understand the logic that drives WordPressProtect at the different levels. | + | You may wish to override the default settings at the server level, or virtual-host level. Before making any changes, it helps to understand the logic that drives WordPressProtect at the different levels. |
| Changing the settings at the Virtual-Host level configuration will override the Server-Level configuration. | Changing the settings at the Virtual-Host level configuration will override the Server-Level configuration. | ||
| - | + | * Server Level \\ {{:litespeed_wiki:lslb:adczconf-1.png?700|}} | |
| - | {{:litespeed_wiki:lslb:adczconf-1.png?700|}} | + | * Virtual Host Level \\ {{:litespeed_wiki:lslb:adczconf-2.png?700|}} |