How to stop WORDPRESS attacks to your site.

 

Results 1 to 18 of 18
Ever since I hired a Chinese developer on oDesk and gave him access to my ...
  1. #1
    ipcorp's Avatar
    ipcorp is offline Junior Member
    Join Date
    Oct 2012
    Posts
    189
    Thanks
    80
    Thanked 167 Times in 43 Posts
    Blog Entries
    2

    Default How to stop WORDPRESS attacks to your site.

    Ever since I hired a Chinese developer on oDesk and gave him access to my sites cpanel I started to get these messages from my VPS provider that my server is sending out millions of emails per hour. So their system was suspending my server and killing all of my clients sites. This was happening every other day, for the past several months. I just kept bitching at my VPS provider that I am not sending them. Then finally I decided, maybe I should look into this and fix it myself.

    I finally took care of this issue with 2 simple plugins.

    Botnet Attack Blocker Temporarily block all admin logins after multiple failed attempts - helps to prevent brute force botnet attacks from multiple IP addresses.
    and


    HC Custom WP-Admin URL
    Small and simple plugin that allows you to change url of wp-admin
    You can easily find them via the Admin plugin panel in Wordpress.

    Ever since I installed these plugins, I have had no attacks whatsoever.

    Hope this helps one or two people.

    Enjoy!!!

  2. The Following 8 Users Say Thank You to ipcorp For This Useful Post:

    BIGBIGBIGMamas (06-28-2013), ch8878 (06-24-2013), CredibleZephyre (06-28-2013), mandude (06-24-2013), seo-world (06-28-2013), shtrudla (06-24-2013), tompots (06-24-2013), Web Echo (06-28-2013)




  3. #2
    fmOzilla's Avatar
    fmOzilla is offline Power Member
    Join Date
    Nov 2011
    Location
    C:\Windows\System32
    Posts
    719
    Thanks
    188
    Thanked 361 Times in 149 Posts

    Default Re: How to stop WORDPRESS attacks to your site.

    Yeah it's lot of helped me Thanks for the info

  4. #3
    HeRBaR's Avatar
    HeRBaR is offline Web Designer & Developer
    Join Date
    Aug 2011
    Location
    localhost
    Posts
    1,205
    Thanks
    262
    Thanked 903 Times in 408 Posts

    Default Re: How to stop WORDPRESS attacks to your site.

    Recently I am getting a lot of emails that someone is trying to find my wp admin password...
    Maybe this plugins can help me...
    Thank You...

  5. #4
    ch8878's Avatar
    ch8878 is offline Elite Member
    Join Date
    Mar 2009
    Location
    ChrisLance.net
    Posts
    2,089
    Thanks
    919
    Thanked 338 Times in 250 Posts

    Default Re: How to stop WORDPRESS attacks to your site.

    Thanks, will have to try them out.

  6. #5
    dogmann11's Avatar
    dogmann11 is offline Junior Member
    Join Date
    Jan 2010
    Location
    Nashville
    Posts
    136
    Thanks
    38
    Thanked 35 Times in 24 Posts

    Default Re: How to stop WORDPRESS attacks to your site.

    The Limit Login Attempts free Wordpress plugin has nearly a perfect 5 star rating, is configurable and easy. It does a good job as well...

  7. The Following User Says Thank You to dogmann11 For This Useful Post:

    ch8878 (06-24-2013)

  8. #6
    jing0 is offline Registered Member
    Join Date
    Apr 2012
    Posts
    78
    Thanks
    92
    Thanked 8 Times in 8 Posts

    Default Re: How to stop WORDPRESS attacks to your site.

    Recently there have been two separate occasions where botnets have been used to attempt to login to millions of wordpress sites with common credentials (such as username:admin password: password123) - see here for an article: http://www.zdnet.com/wordpress-hit-b...rn-7000014019/

    To prevent these attacks, firstly, don't use common credentials like admin : password123. You should also be using different credentials for every site you use. If you're a member of one site, and it gets hacked and you use the same username and password to access another site...you're gonna have a bad time. Memorizing a different password for every website is pretty much impossible, however, so I highly recommend using a password manager, like Last Pass (https://lastpass.com/).

    Secondly, like OP has suggested, change the default URL you use to access wp-login. Thirdly, also as OP suggested, limit the number of login attempts that are allowed.

    Following these steps will prevent 99% of automated attacks.
    Last edited by jing0; 06-24-2013 at 06:07 PM.

  9. The Following User Says Thank You to jing0 For This Useful Post:

    ipcorp (06-24-2013)

  10. #7
    mandude's Avatar
    mandude is offline Jr. VIP
    Join Date
    Feb 2008
    Location
    Tampa FL
    Posts
    671
    Thanks
    100
    Thanked 267 Times in 72 Posts

    Default Re: How to stop WORDPRESS attacks to your site.

    THis may be useful to me. I dont use common pw or anything, but I have tons of blogs and some go un- updated, and I get hacked. I too get those emails. I went into cpanel and changed it so my server can only send like 10-20 emails per hr or so (i dont send more than that), that helped stop getting my IP banned and marked as spam. It was a good start to the problem, but not to actually solve it. but the attacks kept happening

  11. #8
    dzanzil's Avatar
    dzanzil is offline Registered Member
    Join Date
    Feb 2013
    Location
    Bucharest
    Posts
    73
    Thanks
    6
    Thanked 5 Times in 5 Posts

    Default Re: How to stop WORDPRESS attacks to your site.

    I have to try them out, I got big problems with Wordpress now.

  12. #9
    tompots's Avatar
    tompots is offline AutoBotSolutions.com
    Join Date
    Dec 2011
    Location
    AutoBotSolutions.com
    Posts
    2,979
    Thanks
    2,145
    Thanked 2,805 Times in 1,482 Posts
    Blog Entries
    8

    Default Re: How to stop WORDPRESS attacks to your site.

    This is great I have a huge network of wordpress sites, attacks happen all the time, hopefully this will reduce the problem. + rep from me for the great share.

  13. #10
    CashRobber's Avatar
    CashRobber is offline Newbies
    Join Date
    Jun 2013
    Posts
    30
    Thanks
    5
    Thanked 4 Times in 3 Posts

    Default Re: How to stop WORDPRESS attacks to your site.

    Good plugins

  14. #11
    ZestMedia's Avatar
    ZestMedia is offline Jr. VIP
    Join Date
    Mar 2013
    Posts
    244
    Thanks
    18
    Thanked 15 Times in 15 Posts

    Default Re: How to stop WORDPRESS attacks to your site.

    Thank you for sharing on the plugin. I protect my sites with Sucuri security.

  15. #12
    SpookSEO's Avatar
    SpookSEO is offline Power Member
    Join Date
    Dec 2012
    Location
    London, UK
    Posts
    589
    Thanks
    32
    Thanked 133 Times in 123 Posts

    Default Re: How to stop WORDPRESS attacks to your site.

    That's a great way of blocking/stopping wordpress attacks. Thanks a bunch for sharing this post.

  16. #13
    garrido's Avatar
    garrido is offline Jr. VIP
    Join Date
    Nov 2011
    Location
    Hackerland
    Posts
    1,302
    Thanks
    459
    Thanked 324 Times in 236 Posts
    Blog Entries
    1

    Default Re: How to stop WORDPRESS attacks to your site.

    Try incapsula dot com.

  17. #14
    seo-world's Avatar
    seo-world is offline Registered Member
    Join Date
    Oct 2009
    Posts
    70
    Thanks
    17
    Thanked 15 Times in 13 Posts

    Default Re: How to stop WORDPRESS attacks to your site.

    Great Info. These days wordpress attacks are getting higher. These type of informations help others in future.

  18. #15
    ezines's Avatar
    ezines is online now Power Member
    Join Date
    Jan 2011
    Location
    Somewhere On Earth
    Posts
    650
    Thanks
    131
    Thanked 186 Times in 146 Posts

    Default Re: How to stop WORDPRESS attacks to your site.

    These attacks are really annoying. I'm using stealth login page to hide login page. I was using wordfence prior to that, but it slows down the website significantly...

  19. #16
    spmcnerd's Avatar
    spmcnerd is offline Regular Member
    Join Date
    Dec 2010
    Posts
    248
    Thanks
    94
    Thanked 84 Times in 78 Posts

    Default Re: How to stop WORDPRESS attacks to your site.

    Great tools. What did the Chinese developer you gave access to do?

  20. #17
    sfidirectory's Avatar
    sfidirectory is offline Senior Member
    Join Date
    Mar 2010
    Location
    Earn 5% BTC per day - leancy.elementfx.com
    Posts
    879
    Thanks
    577
    Thanked 465 Times in 158 Posts
    Blog Entries
    1

    Cool Re: How to stop WORDPRESS attacks to your site.

    A month or so ago I kept getting brute force attempts from a Czech Republic I.P, so I just implemented a two-factor authentication for logins - which sends an alert or passcode to my phone. This stopped the attacks immediately, but I also added some plugins to block bad I.P addresses, and also using CloudFlare.

    These are the plugins I think you should also use:


    • Akismet
    • Bad Behavior
    • BulletProof Security
    • Duo Two-Factor Authentication
    • IP Blacklist Cloud
    • CloudFlare


    These plugins are good for securing your site/s, but this isn't where the protection ends... make sure your server is secure (with strong passwords, decent firewall, etc), and make sure you use SFTP when transferring files to and from your server (or ssh). Also make sure the machine your using has good antivirus protection (Kaspersky and Avast are ones I can recommend) - a few years ago I had a rogue virus infect a site of mine because my virus protection wasn't up to date.

  21. #18
    ramnath is offline Regular Member
    Join Date
    Jan 2012
    Posts
    240
    Thanks
    86
    Thanked 127 Times in 49 Posts

    Default Re: How to stop WORDPRESS attacks to your site.

    Thanks a lot !!


Similar Threads

  1. WordPress botnet Attacks - How to secure your platform
    By BigoS in forum BlackHat Lounge
    Replies: 0
    Last Post: 04-14-2013, 02:02 PM
  2. Replies: 12
    Last Post: 04-12-2013, 08:37 PM
  3. Replies: 7
    Last Post: 05-21-2012, 12:53 AM
  4. Replies: 10
    Last Post: 12-05-2011, 08:31 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  




BlackHatWorld on Twitter BlackHatWorld on FaceBook


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103