Block User Agent with .htaccess
Blocking the User Agent
- Log into cPanel
- Navigate to File Manager, located in the Files section
- Locate the site's document root
TIP: If the document root is unknown, it can be found by following this guide. - Locate the site's .htaccess
TIP: If .htaccess is not present, show hidden files in File Manager. - Edit the .htaccess file and add the following to the top of the .htaccess
NOTE: The user agent is expressed in a regular expression and all spaces and must be escaped with \. The full user agent is not required unless you match with ^$, so "Google" would work.
<IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTP_USER_AGENT} EXAMPLE_USER_AGENT RewriteRule (.*) - [F,L] </IfModule>
REPLACE: Replace EXAMPLE_USER_AGENT with the bad user agent.
EXAMPLE: A common user agent is Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0)
Gecko/20100101 Firefox/62.0
which frequently brute forces wp-login.php
Blocking that looks like:
<IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTP_USER_AGENT} Mozilla/5\.0\ \(X11;\ Ubuntu;\ Linux\ x86_64;\ rv:62\.0\)\ Gecko/20100101\ Firefox/62\.0 RewriteRule (.*) - [F,L] </IfModule>