{"id":786,"date":"2025-02-27T11:46:44","date_gmt":"2025-02-27T10:46:44","guid":{"rendered":"https:\/\/weblog.uncasapart.fr\/?p=786"},"modified":"2025-06-24T11:32:59","modified_gmt":"2025-06-24T09:32:59","slug":"protection-de-wordpress-contre-les-tentatives-de-connexion-au-tableau-de-bord","status":"publish","type":"post","link":"https:\/\/weblog.uncasapart.fr\/index.php\/2025\/02\/27\/protection-de-wordpress-contre-les-tentatives-de-connexion-au-tableau-de-bord\/","title":{"rendered":"Protecting WordPress against login attempts on the dashboard"},"content":{"rendered":"\n<p>Like every router in the world exposed to the internet, mine receives tens of thousands of port scans or connection attempts every day. Most of them are immediately blocked by the firewall according to the rules in place.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Des_ports_TCP_forcement_ouverts\"><\/span>TCP ports that must stay open<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>Several thousand nevertheless get through the open ports tcp\/80 and tcp\/443, which are indispensable for reaching the Apache web server that hosts this WordPress.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Une_extension_indispensable%E2%80%A6\"><\/span>An indispensable extension&#8230;<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>I set up the \u00ab\u00a0<a href=\"https:\/\/wordpress.org\/plugins\/wps-limit-login\/\" target=\"_blank\" rel=\"noreferrer noopener\">WPS Limit Login<\/a>\u00a0\u00bb extension, which protects the login interface against brute-force attacks by blocking the attacking IP address after a few attempts, for a chosen duration. Two tries in 1 hour before 24 hours of blocking, then 48 hours of blocking if a 3rd unsuccessful try is made during those 24 hours; this greatly limits the risk of intrusion!<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1001\" height=\"815\" src=\"https:\/\/weblog.uncasapart.fr\/wp-content\/uploads\/2025\/02\/Capture-decran-du-2025-02-26-15-37-10.png\" alt=\"\" class=\"wp-image-798\" srcset=\"https:\/\/weblog.uncasapart.fr\/wp-content\/uploads\/2025\/02\/Capture-decran-du-2025-02-26-15-37-10.png 1001w, https:\/\/weblog.uncasapart.fr\/wp-content\/uploads\/2025\/02\/Capture-decran-du-2025-02-26-15-37-10-300x244.png 300w, https:\/\/weblog.uncasapart.fr\/wp-content\/uploads\/2025\/02\/Capture-decran-du-2025-02-26-15-37-10-768x625.png 768w\" sizes=\"auto, (max-width: 1001px) 100vw, 1001px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"951\" height=\"258\" src=\"https:\/\/weblog.uncasapart.fr\/wp-content\/uploads\/2025\/02\/Capture-decran-du-2025-02-26-15-45-02.png\" alt=\"\" class=\"wp-image-796\" srcset=\"https:\/\/weblog.uncasapart.fr\/wp-content\/uploads\/2025\/02\/Capture-decran-du-2025-02-26-15-45-02.png 951w, https:\/\/weblog.uncasapart.fr\/wp-content\/uploads\/2025\/02\/Capture-decran-du-2025-02-26-15-45-02-300x81.png 300w, https:\/\/weblog.uncasapart.fr\/wp-content\/uploads\/2025\/02\/Capture-decran-du-2025-02-26-15-45-02-768x208.png 768w\" sizes=\"auto, (max-width: 951px) 100vw, 951px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"%E2%80%A6mais_insuffisante\"><\/span>&#8230;but insufficient<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>An effective extension, thanks to the developers, but the constant flow of warning e-mails proves that the attempts are permanent.<\/p>
\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"699\" height=\"733\" src=\"https:\/\/weblog.uncasapart.fr\/wp-content\/uploads\/2025\/02\/Capture-decran-du-2025-02-26-15-48-37.png\" alt=\"\" class=\"wp-image-797\" srcset=\"https:\/\/weblog.uncasapart.fr\/wp-content\/uploads\/2025\/02\/Capture-decran-du-2025-02-26-15-48-37.png 699w, https:\/\/weblog.uncasapart.fr\/wp-content\/uploads\/2025\/02\/Capture-decran-du-2025-02-26-15-48-37-286x300.png 286w\" sizes=\"auto, (max-width: 699px) 100vw, 699px\" \/><\/figure>\n\n\n\n<p>Why leave hackers and spam bots the possibility not only of continuing to try to get in by sheer number of attempts, but also of hitting the server and the database, and thus wasting CPU time?<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Trouver_la_parade\"><\/span>Finding a countermeasure<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>It is therefore necessary to add an extra layer of protection.<\/p>\n\n\n\n<p>Since I never need to publish from an IP address other than a local one or via my VPN, there is no need to allow other addresses to connect.<\/p>\n\n\n\n<p>The login attempts I have observed go through the \/wp-admin directory or directly target the files wp-login.php and xmlrpc.php.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Parametrage_au_niveau_du_serveur_Apache\"><\/span>Configuration at the Apache server level<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>The solution for blocking these attacks is therefore to allow the Apache server to serve these resources only to local LAN and VPN addresses (192.168.0.0\/24) and to the static IPv6 addresses of each of my clients. This is configured using directives at the Apache server level.<\/p>
\n\n\n\n<pre class=\"wp-block-code\"><code># Only the LAN\/VPN range and the clients' static IPv6 prefix may reach the\n# login endpoints; everyone else gets a 403 dressed up as \"Page not found\".\n# &lt;Files&gt; matches on the file's basename, not a full path, so the sections\n# are nested inside the site's &lt;Directory&gt; to scope them to this install.\n&lt;Directory \/var\/www\/wp&gt;\n    &lt;Files \"wp-login.php\"&gt;\n        Require ip 192.168.0.0\/24\n        Require ip 1a02:3456:7890:ab00::\/56\n        ErrorDocument 403 \"Page not found\"\n    &lt;\/Files&gt;\n\n    &lt;Files \"wp-signup.php\"&gt;\n        Require ip 192.168.0.0\/24\n        Require ip 1a02:3456:7890:ab00::\/56\n        ErrorDocument 403 \"Page not found\"\n    &lt;\/Files&gt;\n\n    &lt;Files \"xmlrpc.php\"&gt;\n        Require ip 192.168.0.0\/24\n        Require ip 1a02:3456:7890:ab00::\/56\n        ErrorDocument 403 \"Page not found\"\n    &lt;\/Files&gt;\n&lt;\/Directory&gt;\n\n# The whole dashboard directory, closed with &lt;\/Directory&gt; (not &lt;\/Files&gt;).\n# This also covers wp-admin\/admin-ajax.php, which some themes and plugins call\n# from the public site; allow that file explicitly if yours do.\n&lt;Directory \/var\/www\/wp\/wp-admin&gt;\n    Require ip 192.168.0.0\/24\n    Require ip 1a02:3456:7890:ab00::\/56\n    ErrorDocument 403 \"Page not found\"\n&lt;\/Directory&gt;<\/code><\/pre>\n\n\n\n<p>While we are at it, we cheat a little and return a 404-style <em>\u00ab\u00a0Page not found\u00a0\u00bb<\/em> message for the 403 unauthorised-access error \ud83d\ude09.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><span class=\"ez-toc-section\" id=\"Bilan\"><\/span>Outcome<span class=\"ez-toc-section-end\"><\/span><\/h2>\n\n\n\n<p>This threat stops instantly and, coincidence or not, so do the attacks, as if the bots had given up in the absence of a coherent response to their requests. Indeed, with the files now inaccessible to them, non-existent from their point of view, perhaps their masters realised that it was pointless to keep up these attacks?<\/p>\n\n\n\n<p>Update after about 2 months: the last attempts indeed date from the day before this article was published, just before this protection was put in place.<\/p>
\n\n\n\n<p><strong>Since then: no more fraudulent login attempts<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"662\" src=\"https:\/\/weblog.uncasapart.fr\/wp-content\/uploads\/2025\/02\/Capture-decran-du-2025-04-17-12-32-21-1024x662.png\" alt=\"\" class=\"wp-image-857\" srcset=\"https:\/\/weblog.uncasapart.fr\/wp-content\/uploads\/2025\/02\/Capture-decran-du-2025-04-17-12-32-21-1024x662.png 1024w, https:\/\/weblog.uncasapart.fr\/wp-content\/uploads\/2025\/02\/Capture-decran-du-2025-04-17-12-32-21-300x194.png 300w, https:\/\/weblog.uncasapart.fr\/wp-content\/uploads\/2025\/02\/Capture-decran-du-2025-04-17-12-32-21-768x496.png 768w, https:\/\/weblog.uncasapart.fr\/wp-content\/uploads\/2025\/02\/Capture-decran-du-2025-04-17-12-32-21.png 1315w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>Like every router in the world exposed to the internet, mine receives tens of thousands of port scans or connection attempts every day. Most of them are immediately blocked by the firewall according to the rules in place.
<\/p>\n","protected":false},"author":1,"featured_media":806,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[15,1,129],"tags":[130,7,132,133,131],"class_list":["post-786","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-informatique","category-non-classe","category-wordpress","tag-securite","tag-wordpress","tag-wp-admin","tag-wp-login","tag-xmlrpc"],"_links":{"self":[{"href":"https:\/\/weblog.uncasapart.fr\/index.php\/wp-json\/wp\/v2\/posts\/786","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/weblog.uncasapart.fr\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/weblog.uncasapart.fr\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/weblog.uncasapart.fr\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/weblog.uncasapart.fr\/index.php\/wp-json\/wp\/v2\/comments?post=786"}],"version-history":[{"count":16,"href":"https:\/\/weblog.uncasapart.fr\/index.php\/wp-json\/wp\/v2\/posts\/786\/revisions"}],"predecessor-version":[{"id":883,"href":"https:\/\/weblog.uncasapart.fr\/index.php\/wp-json\/wp\/v2\/posts\/786\/revisions\/883"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/weblog.uncasapart.fr\/index.php\/wp-json\/wp\/v2\/media\/806"}],"wp:attachment":[{"href":"https:\/\/weblog.uncasapart.fr\/index.php\/wp-json\/wp\/v2\/media?parent=786"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/weblog.uncasapart.fr\/index.php\/wp-json\/wp\/v2\/categories?post=786"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/weblog.uncasapart.fr\/index.php\/wp-json\/wp\/v2\/tags?post=786"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}