I examined the load reduction performance of IP Geo Block against brute-force attacks. I report the results in this article.
attack.sh is a shell program which measures the load of malicious burst accesses to the WordPress back-end such as
It emulates comment spam, pingback spam, login attempts and malicious access to the admin ajax, with 5 multiple requests at a time throughout 60 seconds.
I set up the testbed on my local PC, whose specifications are as follows:
| Item | Specification |
|---|---|
| Hardware | MacBook Pro / 2.8GHz Core i7 / Memory 16GB |
| Software | OS X 10.9.5 / MAMP 2.0 (Apache 2.2.22, PHP 5.4.4) |
| WordPress | 4.3-ja / Site Language: English |
And here are the plugins installed in the above environment:
Generally speaking, it is better to run the requesting side and the responding side on separate hardware, because they influence each other. Unfortunately I don't have such a rich environment, so please take this into consideration when you look at the results.
Wordfence has a lot of options, so I left them as they were just after installation.
On the other hand, the options for IP Geo Block 2.1.5 were changed as follows:
At the beginning of each test, the DB was optimized using Optimize Database after Deleting Revisions.
From the ApacheBench results I picked up only “Requests per second” and “Time per request (across all concurrent requests)”, which indicate the performance of load reduction. Higher “Requests/sec” and lower “Time/req [ms]” are better.
“IGB” means “IP Geo Block” and “WFS” means “Wordfence Security”. “ON” indicates “Activate” and “OFF” indicates “Deactivate”.
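The two ApacheBench figures named above can be pulled out of a saved report and compared between plugin configurations as follows. This is an added example, not part of attack.sh or of either plugin; the function names, the run labels A and B and every number in the sample reports are constructed for illustration.

```sh
#!/bin/sh
# Added example: extract the two ApacheBench metrics this article compares.
# All numbers below are constructed sample values, not measured results.

# Read ab output on stdin, print "<requests/sec> <time/req ms>".
# ab prints two "Time per request" lines; only the one marked
# "across all concurrent requests" is wanted.
ab_metrics() {
  awk -F: '
    /^Requests per second:/ { split($2, a, " "); rps = a[1] }
    /^Time per request:/ && /across all concurrent requests/ {
      split($2, a, " "); tpr = a[1]
    }
    END {
      if (rps == "" || tpr == "") exit 1   # incomplete or aborted run
      print rps, tpr
    }'
}

# Percent change in requests/sec from result $1 to result $2.
rps_change() {
  awk -v b="${1%% *}" -v t="${2%% *}" 'BEGIN {
    if (b + 0 == 0) exit 1
    printf "%+.1f\n", (t - b) / b * 100
  }'
}

# Constructed ab report excerpts (concurrency 5), hypothetical runs A and B.
sample_a() { cat <<'EOF'
Concurrency Level:      5
Requests per second:    123.45 [#/sec] (mean)
Time per request:       40.502 [ms] (mean)
Time per request:       8.100 [ms] (mean, across all concurrent requests)
EOF
}
sample_b() { cat <<'EOF'
Concurrency Level:      5
Requests per second:    150.00 [#/sec] (mean)
Time per request:       33.333 [ms] (mean)
Time per request:       6.667 [ms] (mean, across all concurrent requests)
EOF
}

a=$(sample_a | ab_metrics)
b=$(sample_b | ab_metrics)
echo "A: $a | B: $b | req/s change: $(rps_change "$a" "$b")%"
```

A report that lacks either line, for example from a run that was aborted, makes `ab_metrics` return a non-zero status instead of printing a partial result.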
When both “IGB” and “WFS” are “ON”, I got the following email:
A user with IP address WWW.XXX.YYY.ZZZ has been locked out from the signing in or using the password recovery form for the following reason: Exceeded the maximum number of login failures which is: 20. The last username they tried to sign in with was: ‘admin’
where “WWW.XXX.YYY.ZZZ” is the IP address which is set by attack.sh. And there were no validation logs in IP Geo Block. It means that the execution priority of Wordfence is higher than that of IP Geo Block.
Speaking about the site performance, more plugins lead to less speed. The results show that the load reduction performance of IP Geo Block against brute-force attacks is not so outstanding, but I think it minimizes the rise of the load.