Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
litespeed_wiki:config:wordpress-protection [2019/11/12 19:27]
qtwrk 		litespeed_wiki:config:wordpress-protection [2020/01/23 19:37] (current)
George Wang [Set "Trusted <ip>" in .htaccess to bypass the block]
Line 8: Line 8:
 ===== How Brute Force Protection Works ===== ===== How Brute Force Protection Works =====
  
-The newly introduced WordPress Protection directive is: ''​WordPressProtect [off|on|drop|deny|throttle,​ ] <​limit>''​ \\ +The newly introduced WordPress Protection directive is: ''​WordPressProtect [off|on|drop|deny|throttle|captcha, ] <​limit>''​ \\ 
-The action is optional, and defaults to ''​throttle''​. The limit can be set together with the action, and has a value of (0|1|5-1000) \\+The action is optional, and defaults to ''​throttle''​. The limit can be set together with the action, and has a value of (0|1|2-1000) \\
   * ''​0''​ disables WordPress Protection.   * ''​0''​ disables WordPress Protection.
   * ''​1'',​ when used by a virtual host, defers to the setting used by the server.   * ''​1'',​ when used by a virtual host, defers to the setting used by the server.
-  * ''​5''​-''​1000''​ enables WordPress protection and also specifies the login limit. (Values lower than ''​5''​ will be treated as ''​5'',​ and values higher than ''​1000''​ will be treated as ''​1000''​) \\+  * ''​2''​-''​1000''​ enables WordPress protection and also specifies the login limit. (Values lower than ''​2''​ will be treated as ''​2'',​ and values higher than ''​1000''​ will be treated as ''​1000''​) \\
 **Example:​** **Example:​**
   * ''​WordPressProtect drop, 10''​   * ''​WordPressProtect drop, 10''​
   * ''​WordPressProtect throttle, 20''​   * ''​WordPressProtect throttle, 20''​
 +  * ''​WordPressProtect captcha, 2''​
 +
 +**NOTE**: In order to use the ''​captcha''​ option, you need to configure the reCAPTCHA protection feature. Please see the 
 +[[https://​docs.litespeedtech.com/​lsws/​recaptcha/​|How to Configure reCAPTCHA Protection]] guide for instructions.
  
 This directive can be placed in the Apache configuration or ''​.htaccess''​ file. This directive can be placed in the Apache configuration or ''​.htaccess''​ file.
Line 105: Line 109:
 ===== How to Enable LSWS WordPressProtect Feature on Plesk ===== ===== How to Enable LSWS WordPressProtect Feature on Plesk =====
  
-Everything should be same as cPanel ​only some difference ​on where to place the directives:+Everything should be same as cPanel. The only difference ​is in where to place the directives.
  
-Server-Level ​configuration:​+==== Server-Level ​Configuration ====
  
-edit file `/​usr/​local/​psa/​admin/​conf/​templates/​custom/​domain/​domainVirtualHost.php`+Edit the file ''​/​usr/​local/​psa/​admin/​conf/​templates/​custom/​domain/​domainVirtualHost.php''​.
  
-There are **two** ​block of following code:+This file should be generated by the ''​bash <(curl http://​www.litespeedtech.com/​packages/​lscache/​set_cache_root_policy.sh)''​ script when you set up the cache root. If you haven'​t run it yet, please do so to enable cache root setup. 
 + 
 +There are **two** ​blocks ​of the following code:
  
 <​code><​IfModule Litespeed>​ <​code><​IfModule Litespeed>​
Line 117: Line 123:
 </​IfModule></​code>​ </​IfModule></​code>​
  
-We can insert the code here , make it like:+We can insert the WordPressProtect ​code here, like so:
  
 <​code><​IfModule Litespeed>​ <​code><​IfModule Litespeed>​
Line 124: Line 130:
 </​IfModule></​code>​ </​IfModule></​code>​
  
-This will override the default server-level setting from 10 to 5, then run ''/​usr/​local/​psa/​admin/​sbin/​httpdmng --reconfigure-all''​ to regenerate the configuration file , then ''/​usr/​local/​lsws/​bin/​lswsctrl restart''​ to restart LSWS to take effect.+This will override the default server-level setting from ''​10'' ​to ''​5''​. Be sure to run ''/​usr/​local/​psa/​admin/​sbin/​httpdmng --reconfigure-all''​ to regenerate the configuration file, then ''/​usr/​local/​lsws/​bin/​lswsctrl restart''​ to restart LSWS so the new setting takes effect.
  
-Vhost-level setting:+==== Vhost-Level Setting ====
  
-In Plesk domain page , as screenshot , go to ''​Apache & nginx Settings'' ​, add directive in ''​Additional directives for HTTP'' ​and ''​Additional directives for HTTPS'' ​then click on **OK** or **Apply** to save it.+{{ :​litespeed_wiki:​plesk:​plesk-wp-protect.jpg |}} 
 + 
 +In the Plesk domain page, as seen in the screenshot, ​navigate ​to **Apache & nginx Settings**, add the following ​directive in **Additional directives for HTTP** and **Additional directives for HTTPS**, then click **OK** or **Apply** to save it:
  
 <​code><​IfModule Litespeed>​ <​code><​IfModule Litespeed>​
Line 134: Line 142:
 </​IfModule></​code>​ </​IfModule></​code>​
  
-Plesk user can also use `.htaccess` to override the server-level setting ​as above example.+{{ :​litespeed_wiki:​plesk:​plesk-wp-protect2.jpg |}} 
 + 
 +Plesk users may also use `.htaccess` to override the server-level setting.
  
  
Line 220: Line 230:
 Brute force detected, throttle Brute force detected, throttle
  
-===== Set "​Trusted <​ip>"​ in .htaccess to bypass the block====+===== Set "​Trusted <​ip>"​ in .htaccess to bypass the block and reCAPTCHA check ====
  
 Since LSWS 5.4RC1, LSWS added virtual host trusted IP support, where you use ''​Trusted 1.2.3.4, 5.6.7.8''​ for IPv4 or ''​Trusted [2001:​db8:​85a3:​8d3:​1319:​8a2e:​370:​7348]''​ for IPv6 in Virtual Host document root .htaccess to unblock blocked IP and make that IP trusted for that vhost. Since LSWS 5.4RC1, LSWS added virtual host trusted IP support, where you use ''​Trusted 1.2.3.4, 5.6.7.8''​ for IPv4 or ''​Trusted [2001:​db8:​85a3:​8d3:​1319:​8a2e:​370:​7348]''​ for IPv6 in Virtual Host document root .htaccess to unblock blocked IP and make that IP trusted for that vhost.
  • Admin
  • Last modified: 2019/11/12 19:27
  • by qtwrk