Operating System & Version
Cloudlinux 7.8
cPanel & WHM Version
90.0 (build 16)

Vs Nu

Well-Known Member
Jul 17, 2015
119
7
68
India
cPanel Access Level
Root Administrator
Do anyone have ModSec rule for WPLogin attacks ?

I had checked Stopping Brute-force Logins Against Wordpress - I break things. but it does not work while adding the rule in ModSec

it gives error

Error: (XID bwc4af) The rule is invalid. Apache returned the following error: AH00526: Syntax error on line 3 of /var/tmp/29053.XML_API___MODSEC_ADD_RULE__.e713b25e.tmp/validate.conf: ModSecurity: No action id present within the rule
 

cPSamuelM

Technical Analyst Team Lead
Staff member
Nov 20, 2019
196
38
103
USA
cPanel Access Level
Root Administrator
Hello @Vs Nu

I recommend you install the cPanel-provided OWASP ModSecurity Core Rule Set. The OWASP CRS has rules that detect brute force attacks. The page I linked provides instructions for installing this rule set.

I would also suggest you refer to this article from our support center that covers other methods of dealing with Wordpress brute force attacks.

Please let us know if you have any questions.