proudcity / wp-proudcity

The ProudCity WordPress platform
https://proudcity.com

Set Network Policy geolocation limitations #2534

Closed curtismchale closed 3 months ago

curtismchale commented 3 months ago

We should set NetworkPolicy limitations on who can even access my.proudcity.com and any variation of /wp-login.php. We should not have any access from outside the US (with an exemption for our single developer outside the US) to our login pages. Rejecting that would stop the type of credential-stuffing attack we had to deal with on March 28, 2024.

There are likely 2 layers with this.

Customer with Cloudflare

Customer without Cloudflare

curtismchale commented 3 months ago

@kevindherman, given that no one (outside of Colma) should be connecting to wp-login.php, I've managed to set a new .htaccess rule to forbid traffic to /wp-login.php from any location. This is currently deployed on beta. To test, visit https://beta.proudcity.com/wp-login.php and you should get a forbidden message.

Then use my.proudcity.com to login to beta and do some content stuff. You should be able to log in without issue and edit content.

On beta you will still need to use the standard auth login information to see the site first before getting the forbidden message.

While this doesn't fully stop/block remote IPs hitting the page, it does stop them from accessing anything much sooner in the server life cycle, so it will greatly reduce the impact of any attack. Ideally we'd block any IP that hits this page, but as we don't pass IPs through to Kubernetes properly, I can't. We hit the same IP issue with #2377.

If this is good we can roll it out tomorrow.

kevindherman commented 3 months ago

Following @curtismchale's steps I got the block on /wp-login, then logged in from my.proudcity.com and successfully added new and edited existing content.

With the exception of Colma, seems good to go from my end.

curtismchale commented 3 months ago

Deployed.
Composer: https://github.com/proudcity/wp-proudcity/releases/tag/2024.04.04.0737
Build: https://github.com/proudcity/proud-recipes/releases/tag/2024.04.04.0737

curtismchale commented 3 months ago

This wp-login.php block is activated inside the k8s deployment with the variable BLOCK_LOGIN; it can be turned off by removing that variable.
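As an added example (not the rule from the project's repository, which this thread does not show), here is one way to express the .htaccess block described in the comments above so that it is switched by the BLOCK_LOGIN variable mentioned in the last comment. It assumes Apache 2.4 with mod_authz_core, an AllowOverride that permits <Files> and <If> sections in .htaccess, and an httpd process that inherits the container environment so that osenv('BLOCK_LOGIN') sees the Deployment variable; all three are assumptions, not facts from the thread.

```apache
# Added example, not the project's own .htaccess.
# Deny every request for wp-login.php (any letter case; path-info such as
# /wp-login.php/foo and query strings still map to the same file, so
# <FilesMatch> covers those variants too) while BLOCK_LOGIN is set in the
# container environment. Unsetting the variable in the Deployment turns
# the block off without editing this file.
<FilesMatch "(?i)^wp-login\.php$">
    <If "osenv('BLOCK_LOGIN') != ''">
        # Answered with 403 by httpd before PHP/WordPress is invoked, so a
        # credential-stuffing run never reaches the login handler.
        Require all denied
    </If>
</FilesMatch>
```

Verifying it matches the test the thread describes: a request for /wp-login.php (after any beta basic-auth prompt) should return 403, while logging in through my.proudcity.com and editing content should still work. A per-IP exemption for the one developer outside the US would be a `Require ip` line alongside `Require all denied` inside a `<RequireAny>`, but as the thread notes, that only helps once client IPs are actually passed through to the pods.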