
How to stop WORDPRESS attacks to your site.

Discussion in 'White Hat SEO' started by ipcorp, Jun 24, 2013.

  1. ipcorp

    ipcorp Junior Member

    Ever since I hired a Chinese developer on oDesk and gave him access to my site's cPanel, I started to get these messages from my VPS provider that my server is sending out millions of emails per hour. So their system was suspending my server and killing all of my clients' sites. This was happening every other day, for the past several months. I just kept bitching at my VPS provider that I am not sending them. Then finally I decided, maybe I should look into this and fix it myself.

    I finally took care of this issue with 2 simple plugins.

    and


    You can easily find them via the Admin plugin panel in Wordpress.

    Ever since I installed these plugins, I have had no attacks whatsoever.

    Hope this helps one or two people.

    Enjoy!!!
     
  2. fmOzilla

    fmOzilla Power Member

    Yeah, it helped me a lot. Thanks for the info.
     
  3. HeRBaR

    HeRBaR Supreme Member

    Recently I am getting a lot of emails that someone is trying to find my wp admin password...
    Maybe these plugins can help me... :)
    Thank You...
     
  4. ch8878

    ch8878 Elite Member

    Thanks, will have to try them out. :)
     
  5. dogmann11

    dogmann11 Junior Member

    The Limit Login Attempts free Wordpress plugin has nearly a perfect 5 star rating, is configurable and easy. It does a good job as well...
     
  6. jing0

    jing0 Junior Member

    Recently there have been two separate occasions where botnets have been used to attempt to login to millions of wordpress sites with common credentials (such as username:admin password: password123) - see here for an article: http://www.zdnet.com/wordpress-hit-by-massive-botnet-worse-to-come-experts-warn-7000014019/

    To prevent these attacks, firstly, don't use common credentials like admin : password123. You should also be using different credentials for every site you use. If you're a member of one site, and it gets hacked and you use the same username and password to access another site...you're gonna have a bad time. Memorizing a different password for every website is pretty much impossible, however, so I highly recommend using a password manager, like Last Pass (https://lastpass.com/).

    Secondly, like OP has suggested, change the default URL you use to access wp-login. Thirdly, also as OP suggested, limit the number of login attempts that are allowed.

    Following these steps will prevent 99% of automated attacks.
     
    Last edited: Jun 24, 2013
  7. mandude

    mandude Jr. VIP Jr. VIP Premium Member

    This may be useful to me. I don't use common pw or anything, but I have tons of blogs and some go un-updated, and I get hacked. I too get those emails. I went into cPanel and changed it so my server can only send like 10-20 emails per hr or so (I don't send more than that), that helped stop getting my IP banned and marked as spam. It was a good start to the problem, but not to actually solve it. But the attacks kept happening.
     
  8. dzanzil

    dzanzil Registered Member

    I have to try them out, I got big problems with Wordpress now.
     
  9. tompots

    tompots Elite Member Premium Member

    This is great. I have a huge network of WordPress sites, attacks happen all the time, hopefully this will reduce the problem. + rep from me for the great share.
     
  10. CashRobber

    CashRobber Newbie

    Good plugins
     
  11. ZestMedia

    ZestMedia Regular Member

    Thank you for sharing on the plugin. I protect my sites with Sucuri security.
     
  12. SpookSEO

    SpookSEO Senior Member

    That's a great way of blocking/stopping wordpress attacks. Thanks a bunch for sharing this post.
     
  13. garrido

    garrido Supreme Member

    Try incapsula dot com.
     
  14. seo-world

    seo-world Registered Member

    Great info. These days WordPress attacks are getting higher. These types of information help others in future.
     
  15. ezines

    ezines Power Member

    These attacks are really annoying. I'm using stealth login page to hide login page. I was using wordfence prior to that, but it slows down the website significantly...
     
  16. spmcnerd

    spmcnerd Regular Member

    Great tools. What did the Chinese developer you gave access to do?
     
  17. sfidirectory

    sfidirectory Senior Member

    A month or so ago I kept getting brute force attempts from a Czech Republic I.P, so I just implemented a two-factor authentication for logins - which sends an alert or passcode to my phone. This stopped the attacks immediately, but I also added some plugins to block bad I.P addresses, and also using CloudFlare.

    These are the plugins I think you should also use:


    • Akismet
    • Bad Behavior
    • BulletProof Security
    • Duo Two-Factor Authentication
    • IP Blacklist Cloud
    • CloudFlare

    These plugins are good for securing your site/s, but this isn't where the protection ends... make sure your server is secure (with strong passwords, decent firewall, etc), and make sure you use SFTP when transferring files to and from your server (or ssh). Also make sure the machine you're using has good antivirus protection (Kaspersky and Avast are ones I can recommend) - a few years ago I had a rogue virus infect a site of mine because my virus protection wasn't up to date.
     
  18. ramnath

    ramnath Regular Member

    Thanks a lot !!