Being Attacked by a hacker right now!?

49 replies
Hello great people at Warrior Forum,

I am not an expert but it looks like my wordpress blog on my subdomain has been attacked for the past 3days and still continues.

It's coming from Ukraine. Happening to wp-login.php daily.
4,723 pages and 4,723 hits in 3 days

Is some kind of hacker trying to figure out the right password automatically?
Is this happening because I installed wordpress by Hostgator Fantastico?

Anyway, I would appreciate if someone could help me get out of this.
Thank you.
#attacked #hacker
  • Profile picture of the author BurtL
    Originally Posted by Cayce Columbia View Post

    Hello great people at Warrior Forum,

    I am not an expert but it looks like my wordpress blog on my subdomain has been attacked for the past 3days and still continues.

    It's coming from Ukraine. Happening to wp-login.php daily.
    4,723 pages and 4,723 hits in 3 days

    Is some kind of hacker trying to figure out the right password automatically?
    Is this happening because I installed wordpress by Hostgator Fantastico?

    Anyway, I would appreciate if someone could help me get out of this.
    Thank you.
    It's nothing that you've done, this will happen to most websites.

    It's advisable to remove the default admin account from your users list, make sure though you have another account with administrator access.

    Also, always make sure wordpress and all the plugins are up todate, including your theme.
    Signature

    Aphasia: Loss of Language NOT Intelligence.

    {{ DiscussionBoard.errors[8077126].message }}
    • Profile picture of the author CandyxLand
      It sounds a lot more like a DDOS attack than a brute force attack. But to be safe change all your passwords every few hours, make sure all of your permissions are closed. Also talk to your hosting company and make sure nobody else has connected via FTP, cpanel, or your wordpress admin.
      {{ DiscussionBoard.errors[8077136].message }}
      • Profile picture of the author lpalad
        Further, use very complex password. I recommend you should use free service like the below to generate super complex password. change your admin password minimum every 7 days..

        Strong Password Generator

        I also recommend you rename your admin USERID.

        Something like admin_w0pr3zz

        Cheers
        {{ DiscussionBoard.errors[8077245].message }}
      • Profile picture of the author RobinInTexas
        Originally Posted by CandyxLand View Post

        It sounds a lot more like a DDOS attack than a brute force attack. But to be safe change all your passwords every few hours, make sure all of your permissions are closed. Also talk to your hosting company and make sure nobody else has connected via FTP, cpanel, or your wordpress admin.
        Create a strong password 12-15 characters at least one each of upper and lower case, number and symbol and it is impossible for someone to crack it online using dictionary or brute force.

        No need to keep changing them. If someone is sniffing or using a keylogger they are going to defeat anything you do.
        Signature

        Robin



        ...Even if you're on the right track, you'll get run over if you just set there.
        {{ DiscussionBoard.errors[8089445].message }}
    • Profile picture of the author Cayce Columbia
      Originally Posted by Screen Text View Post

      It's nothing that you've done, this will happen to most websites.

      It's advisable to remove the default admin account from your users list, make sure though you have another account with administrator access.

      Also, always make sure wordpress and all the plugins are up todate, including your theme.
      I did exactly what you said. Thanks a lot. Finally no more freaking out without knowing what to do in the middle of the night!
      {{ DiscussionBoard.errors[8083388].message }}
    • Profile picture of the author FitMarketer
      Originally Posted by Screen Text View Post

      It's nothing that you've done, this will happen to most websites.

      It's advisable to remove the default admin account from your users list, make sure though you have another account with administrator access.

      Also, always make sure wordpress and all the plugins are up todate, including your theme.
      This is good advice

      This happened to me also in the fast

      I contacted my host hostgator and they were able to re upload my sites.

      Make sure all themes, plugins, and wordpress is up to date

      Also be sure to change your WP admin passwords and cpanel passwords often to prevent this from happening again

      Hope this helps
      {{ DiscussionBoard.errors[8092131].message }}
      • Profile picture of the author RobinInTexas
        Originally Posted by FitMarketer View Post

        This is good advice

        Also be sure to change your WP admin passwords and cpanel passwords often to prevent this from happening again

        Hope this helps
        If you use a strong password in the first place, there is no need to change it, unless somebody has been looking over your shoulder (physically or virtually) and then the damage has probably been done and you are protecting things going forward.
        Signature

        Robin



        ...Even if you're on the right track, you'll get run over if you just set there.
        {{ DiscussionBoard.errors[8092261].message }}
  • Profile picture of the author sbucciarel
    Banned
    Install the Limit Login Attempts plugin and it will put a stop to brute force attempts.
    {{ DiscussionBoard.errors[8077673].message }}
    • Profile picture of the author aizaku
      Originally Posted by sbucciarel View Post

      Install the Limit Login Attempts plugin and it will put a stop to brute force attempts.
      I second this because I use it myself.
      Signature
      >> 2018 Money Making Method Video Guides [NO OPTIN] <<
      80% Of These Proven Guides Are Free... ]
      {{ DiscussionBoard.errors[8077971].message }}
    • Profile picture of the author Cayce Columbia
      Originally Posted by sbucciarel View Post

      Install the Limit Login Attempts plugin and it will put a stop to brute force attempts.
      I did. Thanks a lot. It's useful and fun to watch as it tells what user names they are using.
      {{ DiscussionBoard.errors[8083376].message }}
  • {{ DiscussionBoard.errors[8077837].message }}
    • Profile picture of the author Walters
      Originally Posted by sbucciarel View Post

      Install the Limit Login Attempts plugin and it will put a stop to brute force attempts.
      Originally Posted by MatthewWoodward View Post

      Hi,

      Install WordPress › Better WP Security « WordPress Plugins that will take care of most of the problems for you
      I guess this answers your questions. But I have another question of mine to ask to all the good WF members. I have a blog that has been hacked, and admin password and email changed. But I still have all the cPanel access and access to all the MYSql data base.

      Is there anywhere to take control of my blog back?
      Signature

      Get a Flood of real visitors to your website with the Best Manual Traffic Exchange, and earn $1 per referral and 50% commissions on all referral purchases.

      {{ DiscussionBoard.errors[8077883].message }}
      • Profile picture of the author CandyxLand
        Originally Posted by Walters View Post

        I guess this answers your questions. But I have another question of mine to ask to all the good WF members. I have a blog that has been hacked, and admin password and email changed. But I still have all the cPanel access and access to all the MYSql data base.

        Is there anywhere to take control of my blog back?
        You can use cpanel to restore the database to a previous version. Hopefully you've backed it up at some point. Also contact your hosting provider to ask them if they have a saved copy.
        {{ DiscussionBoard.errors[8077933].message }}
      • Profile picture of the author professorrosado
        Originally Posted by Walters View Post

        I guess this answers your questions. But I have another question of mine to ask to all the good WF members. I have a blog that has been hacked, and admin password and email changed. But I still have all the cPanel access and access to all the MYSql data base.

        Is there anywhere to take control of my blog back?
        Go through panel - find myPhpAdmin
        Log into your blog's database - check WP Database credentials in your blog's wp-config file before this.
        Find in your database tables listing - users - look for admin user and click on edit.
        Change Id and password to whatever you want but select md5 from the drop down menu before your editing input area..

        Save.

        I'll try to edit this with a screenshot when I get back to my desktop.
        {{ DiscussionBoard.errors[8078035].message }}
    • Profile picture of the author smodha
      Originally Posted by MatthewWoodward View Post

      Hi,

      Install WordPress › Better WP Security « WordPress Plugins that will take care of most of the problems for you
      And OSE Firewall. I got that from your blog
      Signature
      I Sell What People Want. The Money Is A Bonus..
      {{ DiscussionBoard.errors[8080589].message }}
  • Profile picture of the author MemberWing
    Here's what happening. As of now these bots are pretty dumb. Although this is everlasting cat and mouse game so being on top of it with updates helps.

    Gleb
    {{ DiscussionBoard.errors[8077895].message }}
  • Profile picture of the author MemberWing
    PS: if you want I can scan (for free) your WEB files via FTP for all kinds of possible hackers intrusions, backdoors, installed malware, etc...

    Contact me via secure contact form.
    {{ DiscussionBoard.errors[8077925].message }}
  • Profile picture of the author ankitoberoi
    A very simple, quick & permanent solution would be to place a .htaccess file with only your IP being given access to the admin folder and login script.

    The only requirement is that you should have a dedicated IP, otherwise, you'll need to update your IP in this .htaccess each time before you log in.
    Signature

    BETA - AdPushup | Increase AdSense revenue using advanced automated A/B Testing.

    Recent Post - How Typography Affects Readers

    Twitter - @oberoiankit

    {{ DiscussionBoard.errors[8078092].message }}
  • Profile picture of the author Nuutero
    Change your username. Wordpress attacks are targetting WP sites with the "admin" username. They are bruteforcing attacks so it might be possible that you are under one (referring to your page hits). Just change your username or create a new account and change your password to something with: lower case, upper case, numbers and special chars. That way your password is almost impossible to bruteforce. Also, keep the password around 10 chars min.
    Signature
    The simple things and subtleties they always stay the same
    I don't mind, that I don't mind, no, I don't mind the rain
    Like a widow's heart
    We fall apart
    But never fade away
    {{ DiscussionBoard.errors[8078107].message }}
  • Profile picture of the author RobinInTexas
    Install Wordfence security plugin. It will scan your WordPress installation files for changes daily, also it can lock out an IP after any selected number of login failures. I set that as 1. I have one blog where it locks out 6-12 IP's daily.
    Signature

    Robin



    ...Even if you're on the right track, you'll get run over if you just set there.
    {{ DiscussionBoard.errors[8078118].message }}
    • Profile picture of the author Karen Blundell
      listen it's a bot - I'm under attack too - hundreds of random IP addresses hitting wp-login.php. The funny thing is I no longer have WordPress installed on my main site so I have put in a redirect so that when they hit that file they now get redirected to this:



      lol -

      I could have been way nastier but I'm hoping if a real visitor hits that wp-login.php they will get a little laugh.

      That is the beauty of .htaccess - You can add all kinds of neat stuff to prevent people from doing nasty things to your site.

      Suzanne mentioned installing the plugin Limit Login Attempts plugin - yes, if you must add another plugin -
      the problem is - the more plugins you have installed, the bigger your server load - and if that plugin is churning away stopping those login attempts, you will notice a huge increase in the how much CPU resources you are using on your site which you can see from within your cPanel.

      If you insist on keeping WordPress to run your site, then what I did for a while was password-protect the wp-admin folder for extra layer of protection - so you will have 2 logins - that works if you don't have members on your blog -

      To prevent a load on your already heavy-duty WordPress blog - I strongly recommend that you install the following script on your server- however, change the name of the folder you place it in to something else rather than the default:

      Anti-Hammer - Automatically ban web site hammers, referer spammers, h4x0r5 & more.. Protect your valuable server resources for genuine clients.
      From the front page this is what this script does:
      Anti-Hammer!

      • Automatically ban web site hammers!
      • Protect your site against Referer Spam!
      • Deny script-kiddie and h4x0r requests!
      • Send bad bots and spiders packing!
      • Protect your valuable server resources for genuine clients..

      Also, I would add the following to your .htaccess file: (this stops a huge percentage of bots from accessing your site):

      RewriteEngine On

      RewriteCond %{HTTP_USER_AGENT} ^BlackWidow [OR]
      RewriteCond %{HTTP_USER_AGENT} ^Bot\ mailto:craftbot@yahoo.com [OR]
      RewriteCond %{HTTP_USER_AGENT} ^ChinaClaw [OR]
      RewriteCond %{HTTP_USER_AGENT} ^Custo [OR]
      RewriteCond %{HTTP_USER_AGENT} ^DISCo [OR]
      RewriteCond %{HTTP_USER_AGENT} ^Download\ Demon [OR]
      RewriteCond %{HTTP_USER_AGENT} ^eCatch [OR]
      RewriteCond %{HTTP_USER_AGENT} ^EirGrabber [OR]
      RewriteCond %{HTTP_USER_AGENT} ^EmailSiphon [OR]
      RewriteCond %{HTTP_USER_AGENT} ^EmailWolf [OR]
      RewriteCond %{HTTP_USER_AGENT} ^Express\ WebPictures [OR]
      RewriteCond %{HTTP_USER_AGENT} ^ExtractorPro [OR]
      RewriteCond %{HTTP_USER_AGENT} ^EyeNetIE [OR]
      RewriteCond %{HTTP_USER_AGENT} ^FlashGet [OR]
      RewriteCond %{HTTP_USER_AGENT} ^GetRight [OR]
      RewriteCond %{HTTP_USER_AGENT} ^GetWeb! [OR]
      RewriteCond %{HTTP_USER_AGENT} ^Go!Zilla [OR]
      RewriteCond %{HTTP_USER_AGENT} ^Go-Ahead-Got-It [OR]
      RewriteCond %{HTTP_USER_AGENT} ^GrabNet [OR]
      RewriteCond %{HTTP_USER_AGENT} ^Grafula [OR]
      RewriteCond %{HTTP_USER_AGENT} ^HMView [OR]
      RewriteCond %{HTTP_USER_AGENT} HTTrack [NC,OR]
      RewriteCond %{HTTP_USER_AGENT} ^Image\ Stripper [OR]
      RewriteCond %{HTTP_USER_AGENT} ^Image\ Sucker [OR]
      RewriteCond %{HTTP_USER_AGENT} Indy\ Library [NC,OR]
      RewriteCond %{HTTP_USER_AGENT} ^InterGET [OR]
      RewriteCond %{HTTP_USER_AGENT} ^Internet\ Ninja [OR]
      RewriteCond %{HTTP_USER_AGENT} ^JetCar [OR]
      RewriteCond %{HTTP_USER_AGENT} ^JOC\ Web\ Spider [OR]
      RewriteCond %{HTTP_USER_AGENT} ^larbin [OR]
      RewriteCond %{HTTP_USER_AGENT} ^LeechFTP [OR]
      RewriteCond %{HTTP_USER_AGENT} ^Mass\ Downloader [OR]
      RewriteCond %{HTTP_USER_AGENT} ^MIDown\ tool [OR]
      RewriteCond %{HTTP_USER_AGENT} ^Mister\ PiX [OR]
      RewriteCond %{HTTP_USER_AGENT} ^Navroad [OR]
      RewriteCond %{HTTP_USER_AGENT} ^NearSite [OR]
      RewriteCond %{HTTP_USER_AGENT} ^NetAnts [OR]
      RewriteCond %{HTTP_USER_AGENT} ^NetSpider [OR]
      RewriteCond %{HTTP_USER_AGENT} ^Net\ Vampire [OR]
      RewriteCond %{HTTP_USER_AGENT} ^NetZIP [OR]
      RewriteCond %{HTTP_USER_AGENT} ^Octopus [OR]
      RewriteCond %{HTTP_USER_AGENT} ^Offline\ Explorer [OR]
      RewriteCond %{HTTP_USER_AGENT} ^Offline\ Navigator [OR]
      RewriteCond %{HTTP_USER_AGENT} ^PageGrabber [OR]
      RewriteCond %{HTTP_USER_AGENT} ^Papa\ Foto [OR]
      RewriteCond %{HTTP_USER_AGENT} ^pavuk [OR]
      RewriteCond %{HTTP_USER_AGENT} ^pcBrowser [OR]
      RewriteCond %{HTTP_USER_AGENT} ^RealDownload [OR]
      RewriteCond %{HTTP_USER_AGENT} ^ReGet [OR]
      RewriteCond %{HTTP_USER_AGENT} ^SiteSnagger [OR]
      RewriteCond %{HTTP_USER_AGENT} ^SmartDownload [OR]
      RewriteCond %{HTTP_USER_AGENT} ^SuperBot [OR]
      RewriteCond %{HTTP_USER_AGENT} ^SuperHTTP [OR]
      RewriteCond %{HTTP_USER_AGENT} ^Surfbot [OR]
      RewriteCond %{HTTP_USER_AGENT} ^tAkeOut [OR]
      RewriteCond %{HTTP_USER_AGENT} ^Teleport\ Pro [OR]
      RewriteCond %{HTTP_USER_AGENT} ^VoidEYE [OR]
      RewriteCond %{HTTP_USER_AGENT} ^Web\ Image\ Collector [OR]
      RewriteCond %{HTTP_USER_AGENT} ^Web\ Sucker [OR]
      RewriteCond %{HTTP_USER_AGENT} ^WebAuto [OR]
      RewriteCond %{HTTP_USER_AGENT} ^WebCopier [OR]
      RewriteCond %{HTTP_USER_AGENT} ^WebFetch [OR]
      RewriteCond %{HTTP_USER_AGENT} ^WebGo\ IS [OR]
      RewriteCond %{HTTP_USER_AGENT} ^WebLeacher [OR]
      RewriteCond %{HTTP_USER_AGENT} ^WebReaper [OR]
      RewriteCond %{HTTP_USER_AGENT} ^WebSauger [OR]
      RewriteCond %{HTTP_USER_AGENT} ^Website\ eXtractor [OR]
      RewriteCond %{HTTP_USER_AGENT} ^Website\ Quester [OR]
      RewriteCond %{HTTP_USER_AGENT} ^WebStripper [OR]
      RewriteCond %{HTTP_USER_AGENT} ^WebWhacker [OR]
      RewriteCond %{HTTP_USER_AGENT} ^WebZIP [OR]
      RewriteCond %{HTTP_USER_AGENT} ^Wget [OR]
      RewriteCond %{HTTP_USER_AGENT} ^Widow [OR]
      RewriteCond %{HTTP_USER_AGENT} ^WWWOFFLE [OR]
      RewriteCond %{HTTP_USER_AGENT} ^Xaldon\ WebSpider [OR]
      RewriteCond %{HTTP_USER_AGENT} ^Zeus [OR]
      RewriteCond %{HTTP_USER_AGENT} ^Java [OR]
      RewriteCond %{HTTP_USER_AGENT} ^Sogou\ web\ spider [OR]
      RewriteCond %{HTTP_USER_AGENT} ^Sosospider+
      RewriteRule ^.* - [F,L]


      good luck out there folks -

      Signature
      ---------------
      {{ DiscussionBoard.errors[8078500].message }}
      • Profile picture of the author RobinInTexas
        Originally Posted by Karen Blundell View Post

        RewriteCond %{HTTP_USER_AGENT} ^Sosospider+
        RewriteRule ^.* - [F,L]
        Instead of the last line you use, which generates an Acccess denied error and error page and the resulting entry in the error log , I prefer to use

        Code:
        RewriteRule .* http://%{REMOTE_ADDR} [L]
        Which sends a simple redirect, just a hundred bytes or so, tells the bot or the person to go back where they live. Much less load on my server.
        Signature

        Robin



        ...Even if you're on the right track, you'll get run over if you just set there.
        {{ DiscussionBoard.errors[8080547].message }}
        • Profile picture of the author Karen Blundell
          Originally Posted by RobinInTexas View Post

          Instead of the last line you use, which generates an Acccess denied error and error page and the resulting entry in the error log , I prefer to use

          Code:
          RewriteRule .* http://%{REMOTE_ADDR} [L]
          Which sends a simple redirect, just a hundred bytes or so, tells the bot or the person to go back where they live. Much less load on my server.
          ah, makes perfect sense! Thank you for that
          Signature
          ---------------
          {{ DiscussionBoard.errors[8082079].message }}
          • Profile picture of the author RobinInTexas
            And an additional plus, if they're trying a brute force attack, they don't get an error and depending on how smart the bot is, it has to wait to time out before it can try again.
            Signature

            Robin



            ...Even if you're on the right track, you'll get run over if you just set there.
            {{ DiscussionBoard.errors[8082326].message }}
      • Profile picture of the author Bsperling
        Great Post Karen Blundell loved it..
        {{ DiscussionBoard.errors[8080649].message }}
  • Profile picture of the author MarvyDery
    I would advise you install these plugins on your site as soon as possible
    WP Antivirus
    BulletProff Security
    Better WP Security
    Wodfence
    SI Captcha
    {{ DiscussionBoard.errors[8078519].message }}
    • Profile picture of the author Karen Blundell
      I wanted to add- if you insist on using WordPress on your site - only install plugins that are updated on a regular basis and from trusted sources. Don't assume that if you paid for a plugin it is automatically safe.

      After using WordPress for many years, and as a contributor of WordPress.org, and advocate, I am extremely distressed that such a fine piece of OpenSource software has become an even bigger target for hackers, spammers, content theft, and other nasty stuff.

      My best advice to anyone who is about to launch a website - find out what everyone is using - and do the opposite. And try to not let anyone know what you are using to run your site if at all possible.

      As much as it pains me - that means no WordPress, no Drupal,and no Joomla - pick something that the masses don't use -

      if you have the resources to pay for a custom solution - all the better.

      stay safe.
      Signature
      ---------------
      {{ DiscussionBoard.errors[8078787].message }}
      • Profile picture of the author Cayce Columbia
        Thank you very much everyone. I'll have to thank each of you individually later.

        I've been trying to implement what you have suggested as much as possible. Although the attack is spreading to my other sites, I know how to deal with it now. I couldn't have survived this first hacking attempt experience without your enormous help.

        I haven't been sleeping much because of this issue and my eyeballs are red and hurting.
        Anyway, thanks everyone.
        {{ DiscussionBoard.errors[8080352].message }}
  • Profile picture of the author geekology
    If you can afford little bit of money take help from the super folks at Sucuri I was hacked too last year, their swift response meant my blog was hack free soon.

    You can check the link in my signature to read my story.
    {{ DiscussionBoard.errors[8080606].message }}
  • Profile picture of the author ryuchi
    Wordpress gave me a serious headache. But I can attest that betterwp security worked. If only I had discovered it sooner. I already made my move from wordpress and now I can sleep peacefully at night. Wordpress is prone to hackers and high security maintenance is needed to make things work.

    Ryuchi
    {{ DiscussionBoard.errors[8081457].message }}
    • Profile picture of the author smodha
      Originally Posted by ryuchi View Post

      Wordpress gave me a serious headache. But I can attest that betterwp security worked. If only I had discovered it sooner. I already made my move from wordpress and now I can sleep peacefully at night. Wordpress is prone to hackers and high security maintenance is needed to make things work.

      Ryuchi
      The reason it's prone to hackers is that 40% of all CMS platforms use WordPress and due to the lack of security awareness, WP sites are getting tanked.

      At the end of the day, with enough time and resources any site can be hacked. I remember a few years back when the RSA corporation was hacked. These are the guys that provide encrypted security tokens to every type of business from banks to credit card companies. One breach cost them millions of dollars and they had to issue 40 million new tokens because personal data was compromised.

      The only way you can stop it is to go below the radar or go offline.
      Signature
      I Sell What People Want. The Money Is A Bonus..
      {{ DiscussionBoard.errors[8081565].message }}
  • Profile picture of the author reckless
    there is one awesome wp plugin
    which will help to save your blogs from attackers

    http://wpbruteforce.com/
    {{ DiscussionBoard.errors[8082622].message }}
  • Profile picture of the author seobro
    That is the story of my life now. After a while you will be banned by web hosting companies. Well, that is because you are too much or a worry. Like they are in this business to make money. Be careful about posting things that are controversial and could cause your more pain. Best strategy is to avoid saying things that are going to get you on a haters radar screen. For example, saying things that are taboo can cause you woe.
    {{ DiscussionBoard.errors[8082655].message }}
  • I suggest you can use cloudflare to further protect you from website attack. It is a free service and quite useful.
    {{ DiscussionBoard.errors[8083315].message }}
    • Profile picture of the author plfbus
      Originally Posted by robertgreen View Post

      I suggest you can use cloudflare to further protect you from website attack. It is a free service and quite useful.
      Cloudflare hasn't helped for me - my blog many of the plugins mentioned above installed was still attacked last week; I got Sucuri to clean it up as it's not my area of expertise.
      {{ DiscussionBoard.errors[8092126].message }}
  • Profile picture of the author abbe77
    install wordpress in subdirectory and change your root index.php file to locate this sub-directory.
    require('./sub-directory-name/wp-blog-header.php');
    {{ DiscussionBoard.errors[8089534].message }}
  • Profile picture of the author Targetz
    Does changing the table prefix from wp_. To something like hg_. Or so adds any value to?
    {{ DiscussionBoard.errors[8089549].message }}
    • Profile picture of the author RobinInTexas
      Originally Posted by Targetz View Post

      Does changing the table prefix from wp_. To something like hg_. Or so adds any value to?
      It eliminates one small not often used attack vector, I don't change it on established sites due to the possibility of breaking things.

      On a new install I will do it by editing the wp-config.php immediately after letting fantastico do the install.
      Signature

      Robin



      ...Even if you're on the right track, you'll get run over if you just set there.
      {{ DiscussionBoard.errors[8092246].message }}
  • Profile picture of the author clg21
    Make sure your plugins and templates are up to date and make sure you have installed and antivirus which is also up to date. Always keep a back-up of all your files and update your password everyday to prevent attacks. Make sure you create a complex password too, there are softwares and password generators that could help you with that task. Good luck!
    {{ DiscussionBoard.errors[8089687].message }}
  • Profile picture of the author cferfland247
    You can use any CAPTCHA plugin in your login page to stop automated login attempts.
    {{ DiscussionBoard.errors[8089846].message }}
  • Profile picture of the author Steven Miranda
    My wordpress was hacked few weeks ago, happening a lot lately. There is a plugin , don't remember the name that will hide your wordpress install from hackers..scanners etc.
    {{ DiscussionBoard.errors[8091141].message }}
  • Profile picture of the author Jtraits
    usually it is an automated attack that they are trying combinations... if you install the above plugins that have been mentioned, rename your login file, choose username and password that are complicated, you are more secure than before... not 100% but it is still safer
    {{ DiscussionBoard.errors[8091629].message }}
  • Profile picture of the author Rukshan
    You can use incapsula WAF to protect your site from hackers. You can block any country if you don't need any visitors from a particular country.
    Signature

    {{ DiscussionBoard.errors[8091718].message }}
  • Profile picture of the author eugenedm
    Search for security test on Fiverr. For $5, the guy will tell you what you need to do to protect against those @#ckers...
    Signature

    WARNING: A 50 Million Dollar Man Taught Me His Secret... Which Resulted 6,000 Sign-ups on My Email List.

    "It's easier than you think..."

    => Watch this video here...
    Build Your List to 6,000 Subscribers

    {{ DiscussionBoard.errors[8092288].message }}
    • Profile picture of the author daftdog
      Get a huge fence built around your site, arm yourself with with a wide spreading long rifle.ie. a 12'bore remington pump action shotgun (will take 5 to 6 cartridages), get a decent 9mm ( i always use either glock or a high power browning, 9mils may be not as strong as some sidearms around but id rather have more rounds than more power), get yourself some fuc*king big strong dogs (Im an amstafff man but they are a bit human friendly at times), use rotties, get NVG's, put up cameras with night vision around the site and wait....you'll get them...i also recommend a large folding lock back folding blade (you can use it to make sandwiches or my favourite, stab rapidly into the right or left handside below the ribs and twist up). Though u will never get close enough with the fire power u have....

      Contact your hosting and tell them the problem. If you have a huge authority site and you have let this happen.....set the dogs on yourself and finish yoursel with a round to the temple.
      Signature
      MMO Product Reviews, Bonus Products and Marketing News!!
      The Wolf of Online Marketing
      {{ DiscussionBoard.errors[8094487].message }}

Trending Topics