Dealing with Sucuri Alerts

If you own a WordPress website and have the Sucuri plugin installed, there's a good chance you have received email alerts about failed login attempts, carrying a message like this:

Explanation: Someone failed to log in to your site. If you are getting too many of these messages, it is likely your site is under a password guessing brute-force attack [1]. You can disable the failed login alerts from here [2]. Alternatively, you can consider installing a firewall between your website and your visitors to filter out these and other attacks, take a look at Sucuri CloudProxy [3].

Sucuri gives you a few options for dealing with these attempts to gain access to your website. One of them is their Website Firewall. That is a sound recommendation: it sits in front of your site and filters the login attempts before they ever reach WordPress, so your server never has to process them. But if you have multiple websites like I do, this can start racking up quite a monthly expense.

An alternative is to put a second layer of password protection on top of your wp-login.php page, so that the web server itself demands a username and password before WordPress ever sees the request. The steps below get you there. The most common mistake along the way produces a "500 – Internal Server Error", and the fix for that follows the steps.

Step 1: Create a .htpasswd file. You can use the .htpasswd generator here, or, better, run the htpasswd tool on your own machine or on the server so the password never passes through a third-party website. Take note of the user name and password you choose, otherwise you will lock yourself out of your own login page. If your host allows it, keep the .htpasswd file outside the web root: Apache's default configuration refuses to serve files whose names start with .ht, but a file that lives outside public_html cannot be served by mistake at all.

Step 2: Follow the directions here and add the suggested block to the .htaccess file in your WordPress root folder. Replace the user name on the line that reads "require user mysecretuser" with the one you put in your .htpasswd file, otherwise nobody will match and every attempt will be refused.

Step 3: Once the .htpasswd and .htaccess files are in place on your hosting account, browse to domain.com/wp-login.php. The browser should show an authentication prompt; enter the credentials you created in step 1. If the normal WordPress login form appears after the prompt, it worked.

If it did not, this is the usual culprit. The line "AuthUserFile ~/.htpasswd" has to give the full file system path to the password file. Apache does not expand ~, and a path that does not start with / is taken relative to Apache's ServerRoot, so it points at a file that does not exist. Apache then cannot read its user list and answers every request for wp-login.php with "500 – Internal Server Error" instead of a password prompt.
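Here is what a complete, working .htaccess stanza for this looks like. It is an added illustration, not the snippet from the linked instructions, and it assumes the path and user name used as examples in this post (/home/yourhostingaccountname/public_html/domain.com and mysecretuser); substitute your own.

```apache
# Added example .htaccess for the WordPress root folder (not from the linked guide).
# Assumed values, substitute your own:
#   password file : /home/yourhostingaccountname/public_html/domain.com/.htpasswd
#   user name     : mysecretuser
# Create the password file once, for example on the server:
#   htpasswd -B -c /home/yourhostingaccountname/public_html/domain.com/.htpasswd mysecretuser
# (-B stores a bcrypt hash; -c creates the file, so leave it out when adding more users)

# Only the login script gets the extra prompt; the rest of the site is untouched.
<Files "wp-login.php">
    AuthType Basic
    AuthName "Restricted"
    # Must be an absolute path. Apache does not expand "~/.htpasswd"; it resolves
    # it relative to ServerRoot, cannot open it, and returns a 500 instead of a prompt.
    AuthUserFile /home/yourhostingaccountname/public_html/domain.com/.htpasswd
    Require user mysecretuser
</Files>

# Never serve the password file itself, even if it lives under the web root.
# (Apache 2.4 syntax; on Apache 2.2 use "Order allow,deny" and "Deny from all".)
<Files ".htpasswd">
    Require all denied
</Files>

# WordPress's rewrite rule would otherwise try to serve the 401 error page
# through index.php, which can hide the prompt; let Apache handle it.
ErrorDocument 401 default
```

Two caveats worth knowing before you blame the path. First, these directives only work in .htaccess if your host's AllowOverride setting includes AuthConfig; if it does not, Apache also answers with a 500 ("... not allowed here" in the error log). Second, HTTP Basic authentication sends the username and password with every request, only base64-encoded, so this is only worth doing on a site served over HTTPS.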

Here's what you need to do next. Create a PHP file with any name; for this example call it root.php. Put this code in it, save it, and upload it to your WordPress root folder (the same folder that holds .htaccess):

<?php
// Prints the absolute file system path of the web root, e.g.
// /home/yourhostingaccountname/public_html/domain.com
// This file is reachable without logging in and discloses server paths, so delete it when done.
echo $_SERVER['DOCUMENT_ROOT'];
?>

Go to domain.com/root.php and the page shows the exact absolute path. Use it in place of the ~ on the AuthUserFile line, keeping the /.htpasswd file name at the end (or the path to wherever you put the file). It should now look something like "AuthUserFile /home/yourhostingaccountname/public_html/domain.com/.htpasswd". If WordPress is installed in a subfolder of the web root, DOCUMENT_ROOT stops at the web root, so append the subfolder name as well.

Update your .htaccess file and you should be good to go. If the code above doesn’t work, go here to grab the code instead.

Once everything is working properly, make sure to delete root.php. It is reachable by anyone without logging in and reveals your server's directory layout, which is exactly the kind of detail an attacker collects before going after a site.