{"id":2087,"date":"2021-04-19T11:49:04","date_gmt":"2021-04-19T04:49:04","guid":{"rendered":"https:\/\/www.domosquare.com\/tutorial\/?p=2087"},"modified":"2021-04-19T11:49:11","modified_gmt":"2021-04-19T04:49:11","slug":"mencegah-wordpress-brute-force-via-cloudflare","status":"publish","type":"post","link":"https:\/\/www.domosquare.com\/tutorial\/keamanan\/mencegah-wordpress-brute-force-via-cloudflare.html","title":{"rendered":"Preventing WordPress Brute Force via Cloudflare"},"content":{"rendered":"\n<p>WordPress is the most popular CMS. Its popularity also means the security threats against it are high.<\/p>\n\n\n\n<p>One of them is brute force. A brute force attack can degrade your website's performance and, worse, can lead to your website being compromised, especially if you use easily guessed login credentials, such as a simple username like admin and an easy password like qwerty123 and the like.<\/p>\n\n\n\n<p>In this tutorial we will learn how to block WordPress brute force attacks if you use Cloudflare.<\/p>\n\n\n\n<p>Now log in to your domain's settings in Cloudflare and select the <strong>Rules<\/strong> tab.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.domosquare.com\/tutorial\/wp-content\/uploads\/2021\/04\/image-17.png\"><img loading=\"lazy\" decoding=\"async\" width=\"625\" height=\"438\" src=\"https:\/\/www.domosquare.com\/tutorial\/wp-content\/uploads\/2021\/04\/image-17.png\" alt=\"\" class=\"wp-image-2088\" srcset=\"https:\/\/www.domosquare.com\/tutorial\/wp-content\/uploads\/2021\/04\/image-17.png 625w, https:\/\/www.domosquare.com\/tutorial\/wp-content\/uploads\/2021\/04\/image-17-300x210.png 300w\" sizes=\"auto, (max-width: 625px) 100vw, 625px\" \/><\/a><figcaption>The Rules tab<\/figcaption><\/figure>\n\n\n\n<p>The URLs that generally need to be secured are:<\/p>\n\n\n\n<ul 
class=\"wp-block-list\"><li>wp-login.php<\/li><li>wp-admin<\/li><li>xmlrpc.php<\/li><\/ul>\n\n\n\n<p>So there are 3 rules to add, with the following settings for each URL:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Browser integrity check: <strong>On<\/strong><\/li><li>Security Level: <strong>I&#8217;m Under Attack<\/strong><\/li><\/ul>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.domosquare.com\/tutorial\/wp-content\/uploads\/2021\/04\/image-18.png\"><img loading=\"lazy\" decoding=\"async\" width=\"848\" height=\"486\" src=\"https:\/\/www.domosquare.com\/tutorial\/wp-content\/uploads\/2021\/04\/image-18.png\" alt=\"\" class=\"wp-image-2089\" srcset=\"https:\/\/www.domosquare.com\/tutorial\/wp-content\/uploads\/2021\/04\/image-18.png 848w, https:\/\/www.domosquare.com\/tutorial\/wp-content\/uploads\/2021\/04\/image-18-300x172.png 300w, https:\/\/www.domosquare.com\/tutorial\/wp-content\/uploads\/2021\/04\/image-18-768x440.png 768w\" sizes=\"auto, (max-width: 848px) 100vw, 848px\" \/><\/a><figcaption>Example of adding a rule for wp-login.php<\/figcaption><\/figure>\n\n\n\n<p>One thing to watch: make sure the URL you enter matches your WordPress URL.<\/p>\n\n\n\n<p>If a single domain hosts multiple installations, for example in subfolders, you can secure them all with one rule by using a wildcard character in the URL, for example:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>example.com\/*login.php<\/code><\/pre>\n\n\n\n<p>This secures every wp-login on the domain example.com\/<\/p>\n\n\n\n<p>Likewise, for wp-admin you can write the URL like this:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>example.com\/*admin\/<\/code><\/pre>\n\n\n\n<p>And for xmlrpc.php:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>example.com\/*mlrpc.php<\/code><\/pre>\n\n\n\n<p>Once you have clicked Save and Deploy, you can test the 3 rules you just saved 
to check whether they are working.<\/p>\n\n\n\n<p>If they are working, you will see the Cloudflare verification page.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><a href=\"https:\/\/www.domosquare.com\/tutorial\/wp-content\/uploads\/2021\/04\/image-19.png\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"496\" src=\"https:\/\/www.domosquare.com\/tutorial\/wp-content\/uploads\/2021\/04\/image-19-1024x496.png\" alt=\"\" class=\"wp-image-2090\" srcset=\"https:\/\/www.domosquare.com\/tutorial\/wp-content\/uploads\/2021\/04\/image-19-1024x496.png 1024w, https:\/\/www.domosquare.com\/tutorial\/wp-content\/uploads\/2021\/04\/image-19-300x145.png 300w, https:\/\/www.domosquare.com\/tutorial\/wp-content\/uploads\/2021\/04\/image-19-768x372.png 768w, https:\/\/www.domosquare.com\/tutorial\/wp-content\/uploads\/2021\/04\/image-19.png 1114w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/a><figcaption>Cloudflare verification page<\/figcaption><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>WordPress is the most popular CMS. Its popularity also means the security threats against it are high. One of them is brute force. 
A brute force attack can degrade your website's performance and, worse, can lead to your website being compromised, especially if you use easily guessed login credentials, such as a simple username like admin, and a password [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"rating_form_position":"","rating_results_position":"","mr_structured_data_type":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[769,790],"tags":[845],"class_list":["post-2087","post","type-post","status-publish","format-standard","hentry","category-keamanan","category-wordpress","tag-cloudflare"],"jetpack_featured_media_url":"","multi-rating":{"mr_rating_results":[{"adjusted_star_result":0,"star_result":0,"total_max_option_value":5,"adjusted_score_result":0,"score_result":0,"percentage_result":0,"adjusted_percentage_result":0,"count":0,"post_id":2087}]},"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.domosquare.com\/tutorial\/wp-json\/wp\/v2\/posts\/2087","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.domosquare.com\/tutorial\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.domosquare.com\/tutorial\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.domosquare.com\/tutorial\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.domosquare.com\/tutorial\/wp-json\/wp\/v2\/comments?post=2087"}],"version-history":[{"count":1,"href":"https:\/\/www.domosquare.com\/tutorial\/wp-json\/wp\/v2\/posts\/2087\/revisions"}],"predecessor-version":[{"id":2091,"href":"https:\/\/www.domosquare.com\/tutorial\/wp-json\/wp\/
v2\/posts\/2087\/revisions\/2091"}],"wp:attachment":[{"href":"https:\/\/www.domosquare.com\/tutorial\/wp-json\/wp\/v2\/media?parent=2087"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.domosquare.com\/tutorial\/wp-json\/wp\/v2\/categories?post=2087"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.domosquare.com\/tutorial\/wp-json\/wp\/v2\/tags?post=2087"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}