The Nginx web server supports rate limiting through the ngx_http_limit_req_module module.
Block WordPress wp-login.php attack
To block the WordPress wp-login.php attack, add the following to the http section of your nginx.conf file:
limit_req_zone $binary_remote_addr zone=WPRATELIMIT:10m rate=2r/s;
limit_req_status 429;
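2r/s = limit of 2 requests per second. The zone is keyed on $binary_remote_addr, so the limit applies to each client address separately, and requests over the limit are rejected with status 429.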
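Inside the server entry for the website, add:
location ~ /wp-login\.php$ {
    # the dot is escaped so the pattern matches only a literal "wp-login.php"
    limit_req zone=WPRATELIMIT;
    include snippets/fastcgi-php.conf;
    # if the snippet does not set fastcgi_pass, repeat the fastcgi_pass line
    # from your existing PHP location here so the request still reaches PHP
}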
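How the rate=2r/s zone above treats one client address, as an added example that is not part of the original post: a simplified Python model of limit_req's per-key accounting at millisecond resolution, with no burst as configured here. The function names and arrival times are constructed for illustration, and the burst argument models the optional burst= parameter of limit_req, which this page's config does not use.

```python
# Simplified model of limit_req accounting (added example, not nginx source).
# nginx tracks an "excess" counter per key in thousandths of a request and
# drains it at `rate` requests per second, with millisecond resolution.

def simulate(arrivals_ms, rate_per_s=2, burst=0):
    """Return the status (200 or 429) for each arrival time in ms.

    arrivals_ms must be non-decreasing and come from one client address,
    i.e. one $binary_remote_addr key. burst=0 matches the configuration
    on this page, where limit_req has no burst parameter.
    """
    rate = rate_per_s * 1000      # thousandths of a request per second
    burst_limit = burst * 1000
    excess, last = 0, None
    statuses = []
    for now in arrivals_ms:
        if last is None:          # first request from this key creates the state
            last = now
            statuses.append(200)
            continue
        elapsed = now - last
        new_excess = max(excess - rate * elapsed // 1000 + 1000, 0)
        if new_excess > burst_limit:
            statuses.append(429)  # rejected; stored state is not updated
            continue
        excess, last = new_excess, now
        statuses.append(200)
    return statuses


def passed(statuses):
    """Number of requests that were let through to PHP."""
    return statuses.count(200)


# Constructed input: a login flood of 10 requests/s for 3 seconds.
FLOOD = list(range(0, 3000, 100))
# Constructed input: a person retrying a mistyped password within a second.
HUMAN = [0, 300, 900]

if __name__ == "__main__":
    print("flood:", passed(simulate(FLOOD)), "of", len(FLOOD), "reach PHP")
    print("human:", simulate(HUMAN))
```

Without burst, 2r/s behaves as one request per 500 ms, so a second login attempt 300 ms after the first receives a 429 even though fewer than two requests arrived in that second.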