Attacks on wp-login.php

Hi since the latest update i am getting attacks on wp-login.php anything i can do to stop this.

Hi needsomehelp.
Please provide information about your web server, hosting panel, modsecurity, CWAF plugin and CWAF rules versions.
You can enable Bruteforce protection which disabled by default.

Capenl server not using plugin it’s installed via WHM not sure what version but it updated in the last few days and now this happens. everything is enabled ?

How did you know that you under attack?
If you don’t use any previously saved excludes file ( /usr/local/cwaf/etc/httpd/global/zzz_exclude_global.conf) then all rules protections will be enabled by default work of modsecurity will freeze your server. Also logs sizes will grow.

I know because sometimes i get an high server load and it’s attacks to links like this below

CWAF rules has DoS protection. It disabled by default and should be enabled only when it needed.

Where do i find that ?

You can find it in file: