Recently, there have been a number of large-scale brute-force attacks on WordPress sites. These attacks try to bypass WordPress security by attempting to log in with every possible combination of username and password, sometimes sending thousands of requests per second.
Since these attacks began, one of our clients had all 50 of his hosted WordPress sites simultaneously attacked. He was able to mitigate these attacks using LiteSpeed’s mod_security rules, but wanted a way to easily and automatically block these IPs at the server level.
We responded within an hour – modifying our code and publishing a new build that allowed the client to add offending IP addresses to the blocked IP list using mod_security rules. These IPs can then be easily grabbed from the blocked IP list and added to the server level firewall using a script – stopping the connection at the network level before it ever reaches LiteSpeed Web Server.
That’s the kind of speed you can expect from LiteSpeed!