My WordPress sites under threat

12 replies
For the last few days, I have been getting alerts from "Wordfence" stating that someone has been blocked from trying to log in, e.g.:

A user with IP address 192.187.99.194 has been locked out from the signing in or using the password recovery form for the following reason: Exceeded the maximum number of login failures which is: 3. The last username they tried to sign in with was: 'admin'
User IP: 192.187.99.194


NOTE: You are using the free version of Wordfence.

I have had about 7 alerts since Friday from 2 of my sites. Seems they are determined to get in the back door.
I have had issues before where my sites have been hacked and that is why I installed this Wordfence plugin and I am so glad I did.

This is a free plugin which can be found in your WordPress plugins by doing a simple search and installing. Based on this experience I would recommend anyone to install it on their websites.
#sites #threat #wordpress
  • Profile picture of the author jgjh151
    NinjaFirewall for WP is a good one too. It will block them before they even get to WordPress if it detects they're trying to hit your login over and over. It will add its own login form in front of the WP login page. By going in front of WordPress, it reduces server load.

    On most of my sites, the login gets hit all the time but as long as you have a strong password, don't use the username 'admin' and have something like Wordfence or NinjaFirewall installed, they don't get in.

    There are bots that hit the login pages all the time. There are also bots that attempt to gain access to your VPS each and every day. Your VPS also needs up-to-date security, firewall, etc...

    If a particular IP is hitting the login an absurd amount per second, you can go into your nginx or Apache config and deny that IP. I've seen some where it was like 15 attempts per second. This can use a lot of resources on the server, so denying the IP reduces that.

    Cloudflare also cuts down on tons of bots.
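
An added example (not part of the post above or of any plugin's code) of the check it describes: count POSTs to `/wp-login.php` per IP in a web-server access log and print nginx `deny` lines for the ones hammering it. The log lines are constructed, and the function names, the 5-hits threshold and the 10-second window are assumptions to tune per site.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

def _line(ip, ts, method="POST", path="/wp-login.php"):
    # Helper that builds one constructed "combined"-format access-log line.
    return f'{ip} - - [{ts} +0000] "{method} {path} HTTP/1.1" 200 3120 "-" "-"'

# Constructed sample log (documentation-range IPs, not real traffic):
# one client posting 15 times in a second, one making two slow attempts,
# and one ordinary page view.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", "10/Jan/2015:10:00:00")] * 15
    + [_line("198.51.100.20", "10/Jan/2015:10:00:05"),
       _line("198.51.100.20", "10/Jan/2015:10:03:40"),
       _line("192.0.2.5", "10/Jan/2015:10:01:00", "GET", "/")]
)

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)')

def noisy_login_ips(log_text, max_hits=5, window=timedelta(seconds=10)):
    """Map each IP to its peak count of POSTs to /wp-login.php inside any
    `window`, keeping only IPs whose peak exceeds `max_hits`."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0] != "/wp-login.php":
            continue
        hits[m["ip"]].append(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))
    flagged = {}
    for ip, times in hits.items():
        times.sort()
        peak = start = 0
        for end, t in enumerate(times):
            while t - times[start] >= window:   # slide the window forward
                start += 1
            peak = max(peak, end - start + 1)
        if peak > max_hits:
            flagged[ip] = peak
    return flagged

def nginx_deny_lines(flagged):
    # One `deny` directive per flagged IP, for an nginx server/location block.
    return [f"deny {ip};" for ip in sorted(flagged)]

if __name__ == "__main__":
    print("\n".join(nginx_deny_lines(noisy_login_ips(SAMPLE_LOG))))
```

The slow client with two attempts stays under the threshold, which is the case a lockout plugin such as the ones named in this thread already handles.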
    • Profile picture of the author smedia11
      I just checked 467 lockouts since my last reset.

      There are 2 free plugins I use on all of my WordPress sites.

      Limit Login Attempts - very simple, setup takes literally 1 minute (install, turn on)

      Captcha On Login - also very simple to use. Does mostly the same thing but adds a Captcha that you need to type in on the logon screen.

      Besides protecting your logon you should also backup your sites for....DISASTER RECOVERY
  • Profile picture of the author nizamkhan
    I use iThemes Security plugin on my Wordpress blog, it's the easiest and effective WP security plugin.

    - Nizam
    • Profile picture of the author convictie
      Originally Posted by nizamkhan:

      I use iThemes Security plugin on my Wordpress blog, it's the easiest and effective WP security plugin.

      - Nizam
      I second this. iThemes Security is all you need.
  • Profile picture of the author spearce000
    Looks like WordFence is doing its job. You might want to blacklist that IP address, or get on to the ISP and complain. Details here: Track any ip address find out where it comes from. (not an affiliate link).
    • Profile picture of the author AnniePot
      I too use Wordfence. I have login failures set at 2, and daily go into the logs and all I've found recently are hundreds of Italian failed login attempts, across all of my sites.

      It used to be Russia, China and eastern Europe, but over the last few days it's been virtually all from Italy. Strange.
  • Profile picture of the author vishwa
    I am also using the Wordfence free version for my blog and get similar types of invalid login attempts on a daily basis. Just permanently block those IP addresses.
    • Profile picture of the author jeyp
      I never had a problem with my WordPress-hosted website after my hosting company added a cool firewall protection to my box. It detects bots and stuff like what happened to you and blocks their IPs. I would consider having a firewall installed.
  • Profile picture of the author jeffreyhuan
    Have just checked my Limit Login Attempts statistics.

    Total lockouts: 13318 lockouts since last reset.

    https://wordpress.org/plugins/limit-login-attempts/

    It hasn't been updated in over 2 years but still works like a charm.
  • Profile picture of the author stevet563
    I just put Wordfence on my blog. Can never have enough security. My site was hacked last year and I lost a lot of data.
    • Profile picture of the author mazom
      I know what you mean. Luckily I was saved by a recent backup. Since that event I have written on my forefront: "always make backups!".

      Originally Posted by stevet563:

      I just put Wordfence on my blog. Can never have enough security. My site was hacked last year and I lost a lot of data.
  • Profile picture of the author yolktail
    When you get messages from Wordfence, what you need to do is change your login URL, and you should block that IP from cPanel > IP manager.
    You can block an IP range too, so it will save your website.