How to stop WORDPRESS attacks to your site.

 

Results 1 to 18 of 18
Ever since I hired a Chinese developer on oDesk and gave him access to my ...
  1. #1
    ipcorp's Avatar
    ipcorp is offline Junior Member
    Join Date
    Oct 2012
    Posts
    191
    Thanks
    81
    Thanked 168 Times in 43 Posts
    Blog Entries
    2

    Default How to stop WORDPRESS attacks to your site.

    Ever since I hired a Chinese developer on oDesk and gave him access to my sites cpanel I started to get these messages from my VPS provider that my server is sending out millions of emails per hour. So their system was suspending my server and killing all of my clients sites. This was happening every other day, for the past several months. I just kept bitching at my VPS provider that I am not sending them. Then finally I decided, maybe I should look into this and fix it myself.

    I finally took care of this issue with 2 simple plugins.

    Botnet Attack Blocker Temporarily block all admin logins after multiple failed attempts - helps to prevent brute force botnet attacks from multiple IP addresses.
    and


    HC Custom WP-Admin URL
    Small and simple plugin that allows you to change url of wp-admin
    You can easily find them via the Admin plugin panel in Wordpress.

    Ever since I installed these plugins, I have had no attacks whatsoever.

    Hope this helps one or two people.

    Enjoy!!!

  2. The Following 8 Users Say Thank You to ipcorp For This Useful Post:

    BIGBIGBIGMamas (06-28-2013), ch8878 (06-24-2013), CredibleZephyre (06-28-2013), mandude (06-24-2013), seo-world (06-28-2013), shtrudla (06-24-2013), tompots (06-24-2013), Web Echo (06-28-2013)




  3. #2
    fmOzilla's Avatar
    fmOzilla is offline Power Member
    Join Date
    Nov 2011
    Location
    C:\Windows\System32
    Posts
    719
    Thanks
    188
    Thanked 361 Times in 149 Posts

    Default Re: How to stop WORDPRESS attacks to your site.

    Yeah it's lot of helped me Thanks for the info

  4. #3
    HeRBaR's Avatar
    HeRBaR is offline Supreme Member
    Join Date
    Aug 2011
    Location
    localhost
    Posts
    1,206
    Thanks
    266
    Thanked 906 Times in 409 Posts

    Default Re: How to stop WORDPRESS attacks to your site.

    Recently I am getting a lot of emails that someone is trying to find my wp admin password...
    Maybe this plugins can help me...
    Thank You...

  5. #4
    ch8878's Avatar
    ch8878 is offline Elite Member
    Join Date
    Mar 2009
    Posts
    2,095
    Thanks
    924
    Thanked 339 Times in 251 Posts

    Default Re: How to stop WORDPRESS attacks to your site.

    Thanks, will have to try them out.

  6. #5
    dogmann11 is offline Banned - see signature
    Join Date
    Jan 2010
    Location
    Nashville
    Posts
    141
    Thanks
    39
    Thanked 36 Times in 25 Posts

    Default Re: How to stop WORDPRESS attacks to your site.

    The Limit Login Attempts free Wordpress plugin has nearly a perfect 5 star rating, is configurable and easy. It does a good job as well...
    dogmann11 is banned from BHW. The next time they will be able to access the site is Monday 22nd September 2014 09:00 PM.

  7. The Following User Says Thank You to dogmann11 For This Useful Post:

    ch8878 (06-24-2013)

  8. #6
    jing0 is offline Registered Member
    Join Date
    Apr 2012
    Posts
    78
    Thanks
    92
    Thanked 8 Times in 8 Posts

    Default Re: How to stop WORDPRESS attacks to your site.

    Recently there have been two separate occasions where botnets have been used to attempt to login to millions of wordpress sites with common credentials (such as username:admin password: password123) - see here for an article: http://www.zdnet.com/wordpress-hit-b...rn-7000014019/

    To prevent these attacks, firstly, don't use common credentials like admin : password123. You should also be using different credentials for every site you use. If you're a member of one site, and it gets hacked and you use the same username and password to access another site...you're gonna have a bad time. Memorizing a different password for every website is pretty much impossible, however, so I highly recommend using a password manager, like Last Pass (https://lastpass.com/).

    Secondly, like OP has suggested, change the default URL you use to access wp-login. Thirdly, also as OP suggested, limit the number of login attempts that are allowed.

    Following these steps will prevent 99% of automated attacks.
    Last edited by jing0; 06-24-2013 at 06:07 PM.

  9. The Following User Says Thank You to jing0 For This Useful Post:

    ipcorp (06-24-2013)

  10. #7
    mandude's Avatar
    mandude is offline Jr. VIP
    Join Date
    Feb 2008
    Location
    Tampa FL
    Posts
    690
    Thanks
    101
    Thanked 268 Times in 73 Posts

    Default Re: How to stop WORDPRESS attacks to your site.

    THis may be useful to me. I dont use common pw or anything, but I have tons of blogs and some go un- updated, and I get hacked. I too get those emails. I went into cpanel and changed it so my server can only send like 10-20 emails per hr or so (i dont send more than that), that helped stop getting my IP banned and marked as spam. It was a good start to the problem, but not to actually solve it. but the attacks kept happening

  11. #8
    dzanzil's Avatar
    dzanzil is offline Registered Member
    Join Date
    Feb 2013
    Location
    Bucharest
    Posts
    73
    Thanks
    6
    Thanked 5 Times in 5 Posts

    Default Re: How to stop WORDPRESS attacks to your site.

    I have to try them out, I got big problems with Wordpress now.

  12. #9
    tompots's Avatar
    tompots is offline AutoBotSolutions.com
    Join Date
    Dec 2011
    Location
    AutoBotSolutions.com
    Posts
    3,047
    Thanks
    2,218
    Thanked 2,859 Times in 1,514 Posts
    Blog Entries
    8

    Default Re: How to stop WORDPRESS attacks to your site.

    This is great I have a huge network of wordpress sites, attacks happen all the time, hopefully this will reduce the problem. + rep from me for the great share.

  13. #10
    CashRobber's Avatar
    CashRobber is offline Newbies
    Join Date
    Jun 2013
    Posts
    30
    Thanks
    5
    Thanked 4 Times in 3 Posts

    Default Re: How to stop WORDPRESS attacks to your site.

    Good plugins

  14. #11
    ZestMedia's Avatar
    ZestMedia is offline Jr. VIP
    Join Date
    Mar 2013
    Posts
    276
    Thanks
    19
    Thanked 16 Times in 16 Posts

    Default Re: How to stop WORDPRESS attacks to your site.

    Thank you for sharing on the plugin. I protect my sites with Sucuri security.

  15. #12
    SpookSEO's Avatar
    SpookSEO is offline Power Member
    Join Date
    Dec 2012
    Location
    London, UK
    Posts
    762
    Thanks
    32
    Thanked 154 Times in 144 Posts

    Default Re: How to stop WORDPRESS attacks to your site.

    That's a great way of blocking/stopping wordpress attacks. Thanks a bunch for sharing this post.

  16. #13
    garrido's Avatar
    garrido is offline Jr. VIP
    Join Date
    Nov 2011
    Location
    Hackerland
    Posts
    1,304
    Thanks
    459
    Thanked 324 Times in 236 Posts
    Blog Entries
    1

    Default Re: How to stop WORDPRESS attacks to your site.

    Try incapsula dot com.

  17. #14
    seo-world's Avatar
    seo-world is offline Registered Member
    Join Date
    Oct 2009
    Posts
    70
    Thanks
    17
    Thanked 15 Times in 13 Posts

    Default Re: How to stop WORDPRESS attacks to your site.

    Great Info. These days wordpress attacks are getting higher. These type of informations help others in future.

  18. #15
    ezines's Avatar
    ezines is offline Power Member
    Join Date
    Jan 2011
    Location
    Somewhere On Earth
    Posts
    652
    Thanks
    132
    Thanked 186 Times in 146 Posts

    Default Re: How to stop WORDPRESS attacks to your site.

    These attacks are really annoying. I'm using stealth login page to hide login page. I was using wordfence prior to that, but it slows down the website significantly...

  19. #16
    spmcnerd's Avatar
    spmcnerd is offline Regular Member
    Join Date
    Dec 2010
    Posts
    249
    Thanks
    94
    Thanked 84 Times in 78 Posts

    Default Re: How to stop WORDPRESS attacks to your site.

    Great tools. What did the Chinese developer you gave access to do?

  20. #17
    sfidirectory's Avatar
    sfidirectory is offline Senior Member
    Join Date
    Mar 2010
    Location
    Earn 5% BTC per day - leancy.elementfx.com
    Posts
    880
    Thanks
    577
    Thanked 465 Times in 158 Posts
    Blog Entries
    1

    Cool Re: How to stop WORDPRESS attacks to your site.

    A month or so ago I kept getting brute force attempts from a Czech Republic I.P, so I just implemented a two-factor authentication for logins - which sends an alert or passcode to my phone. This stopped the attacks immediately, but I also added some plugins to block bad I.P addresses, and also using CloudFlare.

    These are the plugins I think you should also use:


    • Akismet
    • Bad Behavior
    • BulletProof Security
    • Duo Two-Factor Authentication
    • IP Blacklist Cloud
    • CloudFlare


    These plugins are good for securing your site/s, but this isn't where the protection ends... make sure your server is secure (with strong passwords, decent firewall, etc), and make sure you use SFTP when transferring files to and from your server (or ssh). Also make sure the machine your using has good antivirus protection (Kaspersky and Avast are ones I can recommend) - a few years ago I had a rogue virus infect a site of mine because my virus protection wasn't up to date.

  21. #18
    ramnath is offline Regular Member
    Join Date
    Jan 2012
    Posts
    241
    Thanks
    86
    Thanked 128 Times in 50 Posts

    Default Re: How to stop WORDPRESS attacks to your site.

    Thanks a lot !!


Similar Threads

  1. WordPress botnet Attacks - How to secure your platform
    By BigoS in forum BlackHat Lounge
    Replies: 0
    Last Post: 04-14-2013, 02:02 PM
  2. Replies: 12
    Last Post: 04-12-2013, 08:37 PM
  3. Replies: 7
    Last Post: 05-21-2012, 12:53 AM
  4. Replies: 10
    Last Post: 12-05-2011, 08:31 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  




BlackHatWorld on Twitter BlackHatWorld on FaceBook


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108