WordPress brute-force attack advice (question)

[ljubacanoa]

Hello,

As OLS (contrary to LSWS) coming without brute-force attack protection and I would like to avoid WP security plugins, I would like to know is it any idea about other options to apply WP BFA protection?

 

[Cold-Egg]

Please try enabling reCatpcha function, https://openlitespeed.org/kb/recaptcha-with-openlitespeed/, or
Add context for wp-login.php and xmlrpc.php, set deny to all and allow your IP only.

 

[ljubacanoa]

Hi,

Thanks. reCaptcha should be more than enough.

 

[ljubacanoa]

Additional question.

How to limit reCAPTCHA only for WP login page? As I see from docs, it should be some rewrite rules, but it is not clear from docs, how it should to look and where to add (console or .htaccess).

 

[Cold-Egg]

Hi,
I think the recaptcha rewrite method only support with LSWS but OLS.
More, https://docs.litespeedtech.com/lsws/recaptcha/

 

[ljubacanoa]

OK. I will ask LSWS support and than try also on OLS server (and than post here). Thanks.