Hi.
I have a vps with nginx + php-fpm + wordpress. /wp-login.php receives about 3 POST requests per second. There are 2 issues I'd like to address: server load, which is ~0.70 instead of usual ~0.10, and user accounts security.
The attack is distributed. Today:
# grep wp-login /var/log/nginx/site.access.log | sort | awk '{print $1}' | uniq | wc -l
917
Yesterday:
# grep wp-login /var/log/nginx/site.access.log.1 | sort | awk '{print $1}' | uniq | wc -l
2159
While only admins are usually logged in.
Any ideas how to ban these requests?