Is your WP site under attack RIGHT NOW and you don't know it?

by ronr
8 replies
Yesterday and today one of my WP sites is under attack by one or more people trying to log in. Probably an automated script.

How do I know this is happening?

I'm using a free plugin that emails me when someone tries to break in. Not only that, I can limit the number of times they can try to log in and I can determine how long they will be locked out.

I've tried a bunch of paid plugins and many of them work, but this one is free so I thought I would pass it along. Even if it's the only security plugin you use, it will help you.

I hope this helps.

WordPress › Limit Login Attempts « WordPress Plugins

#attack #site
  • technician27
    When I used to run my WP site I used a plugin (can't remember the name of it); it was blocking IPs after login failed a few times. You can set it to as many times as you like. Try this WordPress › Limit Login Attempts « WordPress Plugins or search for wordpress login attempts plugin or something.
  • Mark Hess
    Ron, that's a great tip...

    Another good plugin to install (although this plugin hasn't been updated in over 2 years it still works like a charm), is Wordpress Firewall 2 - WordPress › WordPress Firewall 2 « WordPress Plugins
  • Igman
    Ron, Thank you for this post!

    That's true, many people do not realize that their blogs get hundreds of unauthorized login attempts daily. This hacking method is known as a Brute Force attack.

    I would also add several more important precautions.

    1. Installing a captcha plugin on your login page.
    It will increase waiting time for the bots before they reach the login/pass form.

    2. Malware monitoring is also important.
    You need to scan your WordPress core, plug-ins, and themes for changes against the original files. I've been using Wordfence Security for many months. It's a free plugin that helps detect harmful scripts and suspicious changes in your file system.

    3. Changing the WordPress Login Username
    Go to the Profile page and change your username from there. The fact is that most brute force attacks are automated. Bots are using a big dictionary with common words like 'admin', 'administrator', your domain name, etc. So to add an extra level of security, you should use a random username + a strong password (37 characters would be fine) including special characters: $%#@.

    Here is a good example: dHF$3R9iu&W#4tXK@YN7x4cx!Bv%gUEV25sf

    Good luck,

    • ronr
      Good responses and ideas.

      Also, I've had a couple of WP sites get infected with malware to the point that I couldn't log in.

      There are people on fiverr who will restore your site and get rid of the malware for $5. Definitely worth the money.

  • sbucciarel
    I use that plugin. Great plugin to help with Wordpress security
    • 1byte
      Wordfence is a great free plugin that will notify you of attacks, and allow you to lock out potential hackers after so many attempts.
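
To check the thread's question from the server side, this added example (not code from any poster or plugin mentioned above) scans a web access log for bursts of failed POSTs to wp-login.php and reports when a limit-and-lockout rule would have triggered. The thresholds, function names and log lines are constructed for illustration, and treating a 200 response as a failed login is an assumption about a stock WordPress install.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/nginx "combined" format: ip - - [time] "METHOD path proto" status ...
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def find_lockouts(lines, max_attempts=4, window=timedelta(minutes=5),
                  lockout=timedelta(minutes=20)):
    """Return {ip: [time each lockout would start]} for failed-login bursts."""
    recent = defaultdict(deque)      # ip -> timestamps of recent failures
    locked_until = {}                # ip -> end of the current lockout
    lockouts = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue                 # viewing the login form is not an attempt
        if m["path"].split("?", 1)[0] != "/wp-login.php":
            continue
        # Assumption: stock WordPress re-shows the form with 200 on a failed
        # login and redirects with 302 on success.
        if m["status"] != "200":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ip = m["ip"]
        if ip in locked_until and ts < locked_until[ip]:
            continue                 # already locked out, do not count again
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:    # drop failures older than the window
            q.popleft()
        if len(q) >= max_attempts:
            lockouts[ip].append(ts)
            locked_until[ip] = ts + lockout
            q.clear()
    return dict(lockouts)

def make_line(ip, minute, second, request, status):
    """Build one constructed access-log line (sample data, not real traffic)."""
    return (f'{ip} - - [12/Mar/2024:10:{minute:02d}:{second:02d} +0000] '
            f'"{request} HTTP/1.1" {status} 512 "-" "-"')

# Constructed sample: a script hammering the login form, plus a normal user
# who mistypes a password once and then logs in.
SAMPLE_LOG = [make_line("203.0.113.7", 0, s, "POST /wp-login.php", 200)
              for s in range(0, 50, 5)]
SAMPLE_LOG += [make_line("203.0.113.7", 1, 0, "GET /wp-login.php", 200),
               make_line("198.51.100.20", 2, 0, "POST /wp-login.php", 200),
               make_line("198.51.100.20", 2, 30, "POST /wp-login.php", 302)]

if __name__ == "__main__":
    for ip, starts in find_lockouts(SAMPLE_LOG).items():
        print(ip, "would be locked out at", [t.isoformat() for t in starts])
```

On a real site, pass the lines of the server's access log instead of `SAMPLE_LOG`; a long list of addresses in the result means the login form is being hit by automated attempts.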
