Live Chat 
(+972) 079-5599-110
Install CSF first
Use the following commands to install CSF.
$ cd /usr/src $ rm -fv csf.tgz $ wget https://download.configserver.com/csf.tgz $ tar -xzf csf.tgz cd csf $ sh install.sh
Edit the files ‘/etc/csf/csf.conf’ in the first few lines. The testing is enabled by setting to ‘1’; set it to ‘0’ and save the file.
After this, enter the below command.
CSF restart.
$ csf -r
Block attackers with CSF.
With CSF installed, you can use the following script to block wordpress attackers.
This script will read the logs every few minutes depending on how you setup your cron job to run, the script will look for attackers that attempt brute force on one of the following php files on your wordpress site: ‘wp-login.php’ or ‘xmlrpc.php’.
Create a Cron job running this script.
Bash script for cron WHM/cPanel.
#!/bin/bash
###start editing
thold="100"
btime="359m"
###stop editing
egrep 'wp-login.php' /usr/local/apache/domlogs/* | grep -v ftp_log | awk -F : '{print $2}' | awk '{print $1}' | sort | uniq -c | sort -n | awk -v limit="$thold" '$1 > limit{print $2}' > $$_ip_$$
while IFS= read -r line
do
/usr/sbin/csf -td "$line" "$btime" "banned for wordpress attack"
done < $$_ip_$$
rm -f $$_ip_$$Give the script execute permission.
$ chmod +x wplogin.sh
Insert this into crontab and have it executed automatically every 5 minutes.
0 */5 * * * /path_to_script/wplogin/wplogin.sh