Cara Mengatasi Serangan Brute Force WordPress

Sejak awal diluncurkan, akhyar.id sudah mendapat banyak serangan brute force. Tapi jumlahnya meningkat tajam selama 3 minggu terakhir ini. Sepertinya itu dilakukan oleh lebih dari satu orang. Entah apa tujuannya.

Bagi yang Anda yang belum mengetahui apa itu brute-force, ia adalah upaya untuk ‘membobol’ password login dengan cara mengacak username dan password sampai menemukan kombinasi yang pas dengan harapan bisa masuk ke sistem dan menguasainya. Dan itu semua dilakukan dengan bantuan program atau bot, yang bekerja terus menerus mencari username dan password Anda.

Terlepas dari apa tujuannya (yang jelas biasanya tidak baik), pastinya Anda jengkel bila mengalami serangan brute force ke blog WordPress Anda, seperti yang saya alami.

Memang ada banyak saran yang bisa dilakukan untuk mencegah dan menangkal serangan brute force, seperti mengganti nama admin, menggunakan password yang kuat, menggunakan berbagai plugin keamanan dan sebagainya.

Saya sendiri telah menerapkan semuanya. Mulai dari mengubah URL halaman login, menambahkan captcha, menggunakan plugin login limit (baik plugin yang berdiri sendiri maupun fitur dari plugin security), dan berbagai upaya lainnya.

Tapi, setelah itu semua, serangan brute force tidak kunjung reda, bahkan dalam sejam bisa puluhan upaya masuk yang gagal dan diblok IP-nya.

Saya hampir kehabisan cara, bagaimana menghentikan serangan brute force ke erudisi ini. Sampai akhirnya saya menemukan script dari pastebin. Dan setelah saya terapkan, benar saja, saat itu juga serangan brute force berhenti total. Padahal semua upaya lainnya, tidak membuahkan hasil.

Nah, bagi Anda yang juga mengalami hal yang sama, berikut adalah kode yang perlu Anda tambahkan ke file .htaccess:

# Begin Blacklist
RewriteEngine on
# Abuse Agent Blocking
RewriteCond %{HTTP_USER_AGENT} ^[Ww]eb[Bb]andit [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Acunetix [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^binlar [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Bolt 0 [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^BOT for JCE [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Bot mailto:craftbot@yahoo.com [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^casper [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^checkprivacy [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^clshttp [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^cmsworldmap [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^comodo [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Custo [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Default Browser 0 [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^diavol [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^DIIbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^DISCo [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^dotbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Download Demon [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^eCatch [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailCollector [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Express WebPictures [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^extract [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^feedfinder [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^FHscan [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^FlashGet [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^flicky [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^FunWebProducts [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^g00g1e [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^GetRight [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^grab [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^GrabNet [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Grafula [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^harvest [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^HMView [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ia_archiver [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Image Stripper [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Image Sucker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InterGET [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Internet Ninja [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^InternetSeer.com [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^jakarta [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Java [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^JetCar [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^JOC Web Spider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^kanagawa [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^kmccrew [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^larbin [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^libwww [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Mass Downloader [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Maxthon$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^microsoft.url [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^MIDown tool [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^miner [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Mister PiX [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*Indy [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Mozilla.*NEWT [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^MSFrontPage [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Navroad [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NearSite [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Net Vampire [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NetAnts [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NetSpider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^NetZIP [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^nutch [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Octopus [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline Explorer [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Offline Navigator [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Papa Foto [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^pavuk [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^PeoplePal [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^planetwork [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^psbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^purebot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^pycurl [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^RealDownload [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^ReGet [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Rippers 0 [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SeaMonkey$ [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^sitecheck.internetseer.com [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^skygrid [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^sucker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Surfbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Teleport Pro [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Toata dragostea mea pentru diavola [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^turnit [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^vikspider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Web Image Collector [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Web Sucker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebAuto [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebCopier [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebFetch [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebGo IS [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebReaper [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebSauger [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Website eXtractor [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Website Quester [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebStripper [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WebZIP [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Wget [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Widow [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WPScan [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WWW-Mechanize [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon WebSpider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Yandex [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ^zmeu [NC,OR]
RewriteCond %{HTTP_USER_AGENT} 360Spider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} AhrefsBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} CazoodleBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} discobot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} EasouSpider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ecxi [NC,OR]
RewriteCond %{HTTP_USER_AGENT} GT::WWW [NC,OR]
RewriteCond %{HTTP_USER_AGENT} heritrix [NC,OR]
RewriteCond %{HTTP_USER_AGENT} HTTP::Lite [NC,OR]
RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ia_archiver [NC,OR]
RewriteCond %{HTTP_USER_AGENT} id-search [NC,OR]
RewriteCond %{HTTP_USER_AGENT} id-search.org [NC,OR]
RewriteCond %{HTTP_USER_AGENT} IDBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Indy Library [NC,OR]
RewriteCond %{HTTP_USER_AGENT} IRLbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ISC Systems iRc Search 2.1 [NC,OR]
RewriteCond %{HTTP_USER_AGENT} LinksCrawler [NC,OR]
RewriteCond %{HTTP_USER_AGENT} LinksManager.com_bot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} linkwalker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} lwp-trivial [NC,OR]
RewriteCond %{HTTP_USER_AGENT} MFC_Tear_Sample [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Microsoft URL Control [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Missigua Locator [NC,OR]
RewriteCond %{HTTP_USER_AGENT} MJ12bot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} panscient.com [NC,OR]
RewriteCond %{HTTP_USER_AGENT} PECL::HTTP [NC,OR]
RewriteCond %{HTTP_USER_AGENT} PHPCrawl [NC,OR]
RewriteCond %{HTTP_USER_AGENT} PleaseCrawl [NC,OR]
RewriteCond %{HTTP_USER_AGENT} SBIder [NC,OR]
RewriteCond %{HTTP_USER_AGENT} SearchmetricsBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Snoopy [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Sogou [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Steeler [NC,OR]
RewriteCond %{HTTP_USER_AGENT} URI::Fetch [NC,OR]
RewriteCond %{HTTP_USER_AGENT} urllib [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Web Sucker [NC,OR]
RewriteCond %{HTTP_USER_AGENT} webalta [NC,OR]
RewriteCond %{HTTP_USER_AGENT} WebCollage [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Wells Search II [NC,OR]
RewriteCond %{HTTP_USER_AGENT} WEP Search [NC,OR]
RewriteCond %{HTTP_USER_AGENT} XoviBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} YisouSpider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} zermelo [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ZyBorg [NC,OR]
# Abuse bot blocking rule end
# Abuse HTTP Referrer Blocking
RewriteCond %{HTTP_REFERER} (?:100dollars-seo|4webmasters.org|7makemoneyonline|anticrawler|
best-seo-offer|best-seo-solution|buttons-for-website|buttons-for-your-website|dailyrank|
darodar|ilovevitaly|kambasoft|medispainstitute|offers.bycontext|ranksonic|savetubevideo|
semalt|sitevaluation|trafficmonetize.org|webmonetizer.net). [NC]
RewriteRule ^.* - [F,L]
# Abuse HTTP Referrer Blocking end
# Start Custom Blocks
# Aboundex
Deny from 173.192.34.95
# Bluecoat
deny from 8.21.4.254
deny from 65.46.48.192/30
deny from 65.160.238.176/28
deny from 85.92.222.0/24
deny from 206.51.36.0/22
deny from 216.52.23.0/24
# cyveillance
deny from 38.100.19.8/29
deny from 38.100.21.0/24
deny from 38.100.41.64/26
deny from 38.105.71.0/25
deny from 38.105.83.0/27
deny from 38.112.21.140/30
deny from 38.118.42.32/29
deny from 65.213.208.128/27
deny from 65.222.176.96/27
deny from 65.222.185.72/29
# Cyberpatrol
deny from 38.103.17.160/27
# Internet Identity - Anti-Phishing
deny from 66.113.96.0/20
deny from 70.35.113.192/27
# Ironport
deny from 204.15.80.0/22
# Lightspeed Systems Security
deny from 66.17.15.128/26
deny from 69.84.207.32/27
deny from 69.84.207.128/25
# Layered Technologies
deny from 72.36.128.0/17
deny from 72.232.0.0/16
deny from 72.233.0.0/17
deny from 216.32.0.0/14
# M86
deny from 67.192.231.224/29
deny from 208.90.236.0/22
# Phish-Inspector.com
deny from 209.147.127.208/28
# Prescient Software, Inc. Phishmongers
deny from 198.186.190.0/23
deny from 198.186.192.0/23
deny from 198.186.194.0/24
# urlfilterdb
deny from 207.210.99.32/29
# websense-in.car1.sandiego1.level3.net
deny from 4.53.120.22
# Websense
deny from 66.194.6.0/24
deny from 67.117.201.128/28
deny from 69.67.32.0/20
deny from 131.191.87.0/24
deny from 204.15.64.0/21
deny from 208.80.192.0/21
deny from 212.62.26.64/27
deny from 213.168.226.0/24
deny from 213.168.241.0/30
deny from 213.168.242.0/30
deny from 213.236.150.16/28
# Tambahkan blok custom tambahan di sini jika mau.
# Tambahkan IP di sini. Contoh format:
# deny from 4.53.120.22
# End Blacklist

Setelah Anda pasang kode tersebut, saya jamin serangan brute force ke blog WordPress Anda akan berhenti seketika. Selamat mencoba.