
Question Managing Bot/Crawler Attacks on wp-login Across Multiple Plesk Servers - Your Solutions?

danim

Basic Pleskian
Server operating system version: Almalinux 9
Plesk version and microupdate number: Plesk Obsidian 18.0.72 Update #3

Hi everyone,

I'm managing around 40 Plesk servers with multiple domains per server belonging to different customers and developers. I'm struggling to keep up with bots and brute-force attempts constantly hammering wp-login.php, xmlrpc.php, and similar endpoints.

Current Setup:
  • Fail2ban with custom rules for bad bots and WordPress attacks
  • Encouraging WP Toolkit security features (xmlrpc blocking, etc.)
  • Pushing Cloudflare with Bot Fight Mode when possible (though not all customers use it)
  • Tried BitNinja in the past, but false positives created a nightmare for our helpdesk team
  • Despite all this, it's constant whack-a-mole - new crawlers, different servers, rotating IPs

My servers need near-constant supervision to avoid crashing under malicious traffic load. Even with fail2ban, IPs are often banned after they've already consumed resources.

How are you handling this at scale? Specifically interested in:
  1. Crowdsourced solutions - CrowdSec or alternatives with better false-positive management than BitNinja?
  2. Proactive blocking - Strategies that catch threats before they impact resources?
  3. Customer compliance - Enforcing security practices across diverse customer bases?
  4. Plesk-specific tools - Extensions or configs that actually make a difference?

Open to paid solutions if they work. The babysitting time is unsustainable.

What's working for you?
 
Would help if PLESK could be set behind a real firewall
Technically speaking you can put Plesk behind a firewall since you can tell Plesk what the public IP address is to the private IP of the Plesk server that's behind the firewall. Just saying.

As for OP's questions, you can look at using Imunify360 as suggested by @Raul A.
 