Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
litespeed_wiki:config:wordpress-protection [2019/11/12 19:57] Lisa Clarke [How to Enable LSWS WordPressProtect Feature on Plesk] Copyedited |
litespeed_wiki:config:wordpress-protection [2020/01/23 19:37] (current) George Wang [Set "Trusted <ip>" in .htaccess to bypass the block] |
||
---|---|---|---|
Line 8: | Line 8: | ||
===== How Brute Force Protection Works ===== | ===== How Brute Force Protection Works ===== | ||
- | The newly introduced WordPress Protection directive is: ''WordPressProtect [off|on|drop|deny|throttle, ] <limit>'' \\ | + | The newly introduced WordPress Protection directive is: ''WordPressProtect [off|on|drop|deny|throttle|captcha, ] <limit>'' \\ |
- | The action is optional, and defaults to ''throttle''. The limit can be set together with the action, and has a value of (0|1|5-1000) \\ | + | The action is optional, and defaults to ''throttle''. The limit can be set together with the action, and has a value of (0|1|2-1000) \\ |
* ''0'' disables WordPress Protection. | * ''0'' disables WordPress Protection. | ||
* ''1'', when used by a virtual host, defers to the setting used by the server. | * ''1'', when used by a virtual host, defers to the setting used by the server. | ||
- | * ''5''-''1000'' enables WordPress protection and also specifies the login limit. (Values lower than ''5'' will be treated as ''5'', and values higher than ''1000'' will be treated as ''1000'') \\ | + | * ''2''-''1000'' enables WordPress protection and also specifies the login limit. (Values lower than ''2'' will be treated as ''2'', and values higher than ''1000'' will be treated as ''1000'') \\ |
**Example:** | **Example:** | ||
* ''WordPressProtect drop, 10'' | * ''WordPressProtect drop, 10'' | ||
* ''WordPressProtect throttle, 20'' | * ''WordPressProtect throttle, 20'' | ||
+ | * ''WordPressProtect captcha, 2'' | ||
+ | |||
+ | **NOTE**: In order to use the ''captcha'' option, you need to configure the reCAPTCHA protection feature. Please see the | ||
+ | [[https://docs.litespeedtech.com/lsws/recaptcha/|How to Configure reCAPTCHA Protection]] guide for instructions. | ||
This directive can be placed in the Apache configuration or ''.htaccess'' file. | This directive can be placed in the Apache configuration or ''.htaccess'' file. | ||
Line 226: | Line 230: | ||
Brute force detected, throttle | Brute force detected, throttle | ||
- | ===== Set "Trusted <ip>" in .htaccess to bypass the block==== | + | ===== Set "Trusted <ip>" in .htaccess to bypass the block and reCAPTCHA check ==== |
Since LSWS 5.4RC1, LSWS added virtual host trusted IP support, where you use ''Trusted 1.2.3.4, 5.6.7.8'' for IPv4 or ''Trusted [2001:db8:85a3:8d3:1319:8a2e:370:7348]'' for IPv6 in Virtual Host document root .htaccess to unblock blocked IP and make that IP trusted for that vhost. | Since LSWS 5.4RC1, LSWS added virtual host trusted IP support, where you use ''Trusted 1.2.3.4, 5.6.7.8'' for IPv4 or ''Trusted [2001:db8:85a3:8d3:1319:8a2e:370:7348]'' for IPv6 in Virtual Host document root .htaccess to unblock blocked IP and make that IP trusted for that vhost. |