Password-protect wp-login.php with HTTP Basic auth on every WordPress install under /home, to thwart brute-force login attacks (run as root; see the caveats in the script header).
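#!/bin/bash
# Password-protect wp-login.php on every WordPress install found under /home
# with HTTP Basic auth (one .htpasswd per install) to blunt brute-force login
# attempts. Meant to be run as root on a shared hosting box.
#
# Layout assumption (confirm for your hosting panel): paths look like
#   /home/USER/.../DOMAIN/.../wp-login.php
# i.e. the account name is the 3rd path component and the domain the 5th.
# Only wp-login.php is covered; other entry points (e.g. xmlrpc.php) are not.
# Requires htpasswd from Apache 2.4.4+ (for -i, password on stdin).
#
# Writes:
#   /root/found-wp-instances  NUL-separated cache of discovered installs
#   /root/wp-pass-list        plaintext "domain user password" lines (mode 600)
#   <install>/.htpasswd, <install>/.htaccess (+ .htaccess.bak), owned by USER
set -u

# Cache of discovered instances. Kept under /root, NOT /tmp: a predictable,
# world-writable /tmp path lets any local user pre-seed the list and have this
# root-run script edit and chown files of their choosing. NUL-separated so a
# filename containing a newline cannot inject extra entries.
cache=/root/found-wp-instances
if [[ ! -e "$cache" ]]; then
  find /home/ -type f -name "wp-login.php" -print0 > "$cache"
fi

# Plaintext credential list for the admin: create it owner-only before the
# first append so it is never world-readable, even briefly.
pass_list=/root/wp-pass-list
( umask 077; touch -- "$pass_list" ) && chmod 600 -- "$pass_list"

time while IFS= read -r -d '' wp; do
  # Derive account name and domain from the path (see layout assumption above).
  user=$(cut -d/ -f3 <<< "$wp")
  domain=$(cut -d/ -f5 <<< "$wp")
  wp_dir=${wp%/wp-login.php}
  wp_htaccess="$wp_dir/.htaccess"
  wp_htpasswd="$wp_dir/.htpasswd"

  printf 'Securing %s\n' "$domain"

  # Only touch installs that belong to a real account whose directory that
  # account owns. Root writing into a directory someone else controls is the
  # setup for symlink tricks; the symlink check below narrows the window but
  # does not close the race -- running the file edits as $user would.
  if ! id -u -- "$user" >/dev/null 2>&1; then
    printf 'skipping %s: no such user %s\n' "$wp" "$user" >&2
    continue
  fi
  if [[ "$(stat -c %U -- "$wp_dir")" != "$user" ]]; then
    printf 'skipping %s: directory not owned by %s\n' "$wp" "$user" >&2
    continue
  fi
  # cp, >> and chown all follow symlinks; refuse to write through one.
  if [[ -L "$wp_htaccess" || -L "$wp_htpasswd" ]]; then
    printf 'skipping %s: .htaccess or .htpasswd is a symlink\n' "$wp" >&2
    continue
  fi
  # Idempotency: a re-run (e.g. with a stale cache) must not stack duplicate
  # <FilesMatch> blocks and ErrorDocument lines, or rotate a working password.
  if [[ -f "$wp_htaccess" ]] && grep -qF '#Password protect wp-login.php' -- "$wp_htaccess"; then
    printf 'skipping %s: already protected\n' "$wp" >&2
    continue
  fi

  password=$(openssl rand -base64 12)

  # Feed the password on stdin (-i) rather than argv (-b): argv is visible to
  # every local user via ps on a shared host. Abort this install if the
  # hash could not be written, so no unusable credentials get recorded.
  if [[ -f "$wp_htpasswd" ]]; then
    printf '%s\n' "$password" | htpasswd -i "$wp_htpasswd" "$user"
  else
    printf '%s\n' "$password" | htpasswd -ic "$wp_htpasswd" "$user"
  fi || {
    printf 'skipping %s: htpasswd failed\n' "$wp" >&2
    continue
  }
  # NOTE(review): .htpasswd keeps the default mode; whether it can be
  # tightened to 0600 depends on the UID Apache/PHP reads it as -- confirm.

  # Back up an existing .htaccess (preserving owner/mode), then put the
  # ErrorDocument line first. Presumably this keeps a 401 handler elsewhere
  # in the file from interfering with the Basic-auth challenge; the original
  # intent is not stated. An empty/missing file has no line 1 for sed to
  # insert before, so write the line directly in that case.
  if [[ -f "$wp_htaccess" ]]; then
    cp -p -- "$wp_htaccess" "$wp_htaccess.bak"
  fi
  if [[ -s "$wp_htaccess" ]]; then
    sed -i '1iErrorDocument 401 default' -- "$wp_htaccess"
  else
    printf 'ErrorDocument 401 default\n' > "$wp_htaccess"
  fi

  # Append the protection block (marker comment doubles as the re-run guard).
  cat >> "$wp_htaccess" <<HTACCESS
#Password protect wp-login.php
<FilesMatch "wp-login.php">
AuthType Basic
AuthName "Secure Area"
AuthUserFile "$wp_htpasswd"
require valid-user
</FilesMatch>
HTACCESS

  # sed -i and htpasswd -c create root-owned files; hand them to the account.
  chown -- "$user:$user" "$wp_htpasswd" "$wp_htaccess"

  # Record the credentials for the admin.
  printf '%s %s %s\n' "$domain" "$user" "$password" >> "$pass_list"
done < "$cache"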