New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
LiteSpeed - Built-in WordPress brute force protection (new feature)
A new feature has been introduced in LiteSpeed, wordpress bruteforce protection.
It works on wp-login and xmlrpc and drops the connection for X time after X failed login attempts.
Release log: https://www.litespeedtech.com/products/litespeed-web-server/release-log
Wiki: https://www.litespeedtech.com/support/wiki/doku.php/litespeed_wiki:config:wordpress-protection
If anyone has any means of testing this, how would this perform against a modsecurity rule, would it use more or less resources?
Also @Francisco could you test this against your in-house wordpress protection performance-wise?
Thanked by 1MikePT
Comments
They aren't charging to use it with a normal license?..
Mine needs a hand off so it's likely a tiny bit slower, but they still allow some activity hitting the PHP file which is going to burn CPU.
My system requires interaction with a challenge page which means that if the user isn't validated (a bot that would have to have manually developed ways to trigger it) would always get served a static .html page.
It's for sure a step forward but I get mountains of different IP's slamming away. The amount of proxies and other such things is insane. Most of my shared nodes get around 30,000 hits per day with a few of the ones with controversial sites (adult, political, etc) over 100,000 per day.
Francisco
You still need a LiteSpeed license to run LiteSpeed, it's not a wordpress plugin, it's supposed to be used to protect all websites in the server.
Not sure if the feature will be or already is available in OpenLiteSpeed.
Oh, yours asks for the challenge before even the first login attempt, right?
Correct.
Francisco
Hasn't ModSec been doing this for years?
In case you only read the title and the first paragraph.
So to answer your question, YES. But its not about which did it first, rather which is more efficient (in case you are running LSWS).
Obviously using both at the same time is useless. And since this new feature is active by default, you should disable it or the modsecurity rule.
Papi @Francisco the best.
...and systemd ideology slowly infests everything else.