How to catch bots and robots with a list of prohibited logins
Cerber uses the list of prohibited usernames to reinforce protection by catching bots and hackers
As you already know, there is small, but very useful feature that called a list of prohibited logins/usernames. It’s a comma-separated list of usernames you do not want to be used on your website in any circumstances. That’s it? Nope, there is no “just in case” features in the WP Cerber Security plugin. But how does Cerber use logins from the list to reinforce protection? First of all, the plugin does the following.
- Login or registration with a prohibited username is not permitted.
- Attempt to log in with a prohibited username will be denied and an IP address will be blocked.
Most importantly, combining the list of prohibited logins and the Custom login URL together you help your Cerber is being smart and to detect and catch bots/robots/hackers easily.
If your list is still empty, you definitely have to put on that list the following (commonly used by bots and hackers) usernames: admin, administrator, manager, editor, user, demo, test.
Since v. 5.8.6 you can use regular expressions (REGEX) in the list of prohibited usernames. Specify as many patterns as you need. To specify a REGEX pattern wrap a pattern in two forward slashes like /admin.*/. All comparisons are case-insensitive.
Read more how to create another trap with a Custom login URL.
Last posts from WordPress security blog
- How to clean up activity and live traffic logs February 16, 2018
- How to protect WordPress against CVE-2018-6389 DoS attacks February 11, 2018
- WP Cerber Security 6.2 February 7, 2018
- Traffic Inspector and logging how to February 5, 2018
- Development version 6.1.3 February 1, 2018