My wordpress sites under threat

by Graham Maddison

Posted: 9 years ago 12 replies

INTERNET MARKETING

For the last few days, I have been getting alerts from "Wordfence" stating that someone has been blocked from trying to login eg:

A user with IP address 192.187.99.194 has been locked out from the signing in or using the password recovery form for the following reason: Exceeded the maximum number of login failures which is: 3. The last username they tried to sign in with was: 'admin'
User IP: 192.187.99.194

NOTE: You are using the free version of Wordfence.

I have had about 7 alerts since Friday from 2 of my sites.. seems they are determined to get in the back door.
I have had issues before where my sites have been hacked and that is why I installed this Wordfence plugin and I am so glad I did.

This is a free plugin which can be found in your wpress plugins by doing a simple search and installing. Based on this experience I would recommend anyone to install it on their websites.

#sites #threat #wordpress

jgjh151 9 years ago

NinjaFirewall for WP is a good one too. It will block them before they even get to wordpress if it detects they're trying to hit your login over and over. It will add it's own login form in front of the WP login page. By going in front of wordpress, it reduces server load.

On most of my sites, the login gets hit all the time but as long as you have a strong password, don't use the username 'admin' and have something like wordfence or ninjafirewall installed, they don't get in.

There are bots that hit the login pages all the time. There are also bots that attempt to gain access to your vps each and everyday. Your vps also needs up to date security, firewal, etc...

If a particular IP is hitting the login an absurd amount per second, you can go into your nginx or apache config and deny that ip. I've seen some where it was like 15 attempts per second. This can use a lot of resources on the server, so denying the IP reduces that.

Cloudflare also cuts down on tons of bots.
- Thanks
- 1 reply
{{ DiscussionBoard.errors[9763545].message }}
- smedia11 9 years ago
  
  I just checked 467 lockouts since my last reset.
  
  There are 2 free plugins I use on all of my wordpress sites.
  
  Limit Login Attempts - very simple, setup takes literally 1 minute (install, turn on)
  
  Captcha On Login - also very simple to use. Does mostly the same thing but adds a Captcha that you need to type in on the logon screen.
  
  Besides protecting your logon you should also backup your sites for....DISASTER RECOVERY
  
  Thanks
  
  Signature
  
  Discover How To Start and Build An Online Business, Even If Youâ€™re a Complete Beginner --> Download Now
  
  {{ DiscussionBoard.errors[9763594].message }}
nizamkhan 9 years ago

I use iThemes Security plugin on my Wordpress blog, it's the easiest and effective WP security plugin.

- Nizam
- Thanks
- 1 reply
Signature
[FREE DOWNLOAD] My list of 101 FREE Tools and Services for Online Marketers!
{{ DiscussionBoard.errors[9764194].message }}
- convictie 9 years ago
  
  Originally Posted by nizamkhan
  
  I use iThemes Security plugin on my Wordpress blog, it's the easiest and effective WP security plugin.
  
  - Nizam
  
  I second this. Ithemes Security is all you need.
  
  Thanks
  
  {{ DiscussionBoard.errors[9789177].message }}
spearce000 9 years ago

Looks like WordFence is doing its job. You might want to blacklist that IP address, or get on to the ISP and complain. Details here: Track any ip address find out where it comes from. (not an affiliate link).
- Thanks
- 1 reply
{{ DiscussionBoard.errors[9765687].message }}
- AnniePot 9 years ago
  
  I too use Wordfence. I have have login failures set at 2, and daily go into the logs and all I've found recently are hundreds of Italian failed login attempts, across all of my sites.
  
  It used to be Russia, China and eastern Europe, but over the last few days it's been virtually all from Italy. Strange.
  
  Thanks
  
  {{ DiscussionBoard.errors[9765883].message }}
vishwa 9 years ago

I am also using Wordfence free version for my blog and have get similar type of invalid login attempts on daily basis. Just permanently block that ip addresses.
- Thanks
- 1 reply
Signature
Techbizmasters.com- Blogging, Technology, and Digital Marketing
{{ DiscussionBoard.errors[9765892].message }}
- jeyp 9 years ago
  
  I never had a problem with wordpress hosted website after my hosting company added into my box a cool firewall protection. It detect bots and stuff like what happened to you and block their IP's. I would consider having a firewall installed.
  
  Thanks
  
  Signature
  Premium Web Design for Startups & Marketing
  
  {{ DiscussionBoard.errors[9765921].message }}
jeffreyhuan 9 years ago

Have just checked my Limit Login Attempts statistics.

Total lockouts: 13318 lockouts since last reset.

https://wordpress.org/plugins/limit-login-attempts/

It hasn't been updated in over 2 years but still works like a charm.
- Thanks
{{ DiscussionBoard.errors[9766683].message }}
stevet563 9 years ago

I just put Wordfence on my blog. Can never have enough security. My site was hacked last year and i lost a lot of data.
- Thanks
- 1 reply
Signature

Highly skilled, professional, passionate and experienced web designer For Hire.
{{ DiscussionBoard.errors[9769709].message }}
- mazom 9 years ago
  
  I know what you mean. Luckily I was saved by a recent backup. Since that event I have written on my forefront: "always make backups!".
  
  Originally Posted by stevet563
  
  I just put Wordfence on my blog. Can never have enough security. My site was hacked last year and i lost a lot of data.
  
  Thanks
  
  {{ DiscussionBoard.errors[9769759].message }}
yolktail 9 years ago

When you get messages from WordFence what you need to do is change your Login URL, and you should block that IP from Cpaenl > IP manager.
you can block IP range too so it will safe your website.
- Thanks
{{ DiscussionBoard.errors[9789082].message }}