Protection against brute force attacks


Feb 23, 2017
cPanel Access Level
Root Administrator
I have a two servers with WHM on with over 90 websites on them, most of them are running Wordpress. The issue that I am having is that every few days there is a massive increase in traffic going to the index, xmlrpc . wp-login.php files etc. A certain amount of that would be genuine traffic but not all of it. I do have Wordfence installed on the Wordpress websites and I have the options enabled on them to block access after X amount of failed attempts, but that wouldn't stop them or they would just change I.P. addresses after a while.

I have tried to use the Host Access Control to try block an I.P. address but that didn't work. I tried to block my I.P. but it didn't block it (I would have access via a different I.P address if it did block mine). Even if it did block it, it wouldn't really be feasible to add all the I.P's to it every time.

I did install Munin on one of the servers earlier to see if that will give me some more information.

I was thinking on looking more into Cloudflare and their services and it can be integrated with cPanel

Is there anything I can install/get for the servers that would help?