
[CODE] Restrict hackers from your WordPress site.

Discussion in 'Blogging' started by S2Term, Mar 8, 2016.

  1. S2Term

    S2Term Junior Member

    I never really worried about hackers getting into my sites because they were small. Until I discovered one of my abandoned sites was completely replaced by an affiliate health site. I was fucking pissed. My password sucked and admin username was published on an article, I was lazy but still, fuck off.

    Installing a limit login attempts plugin restricted access, but I still kept getting brute force attacks. WordFence worked OK, but was kind of confusing. So after some searching I found a couple of .htaccess recommendations and put them together. This was put up 2 days ago and I've had no hacker traffic. So it looks like it's working. First, I'm not a coder; these are just things I pulled together that seemed to work. If anybody has criticisms, you're probably right and I'd love to hear further recommendations.

    The # BEGIN WordPress part sends traffic to an error page. I put in my entire URL and it works, or you could use it as listed in the example.
    The next part checks incoming IPs. So if your IP is not 111.111.111.111 or 222.222.222.222 and you try to get to the admin folder or the admin login page, you are directed to the error files. You can add IPs if you log in from more than a couple of IPs.

    After implementing this I was still getting lockouts and brute force attempts. Some searching led me to the last part, XML RPC. For a lot of my sites I don't use XML RPC, but there will be a lot of plugins that do. So this might not work if you're using JetPack or other plugins.


    Code:
    # BEGIN WordPress
    # Serve your own pages instead of Apache's default 401/403 responses
    ErrorDocument 401 /error401.php
    ErrorDocument 403 /error403.php
     
    <IfModule mod_rewrite.c>
    RewriteEngine on
    # Refuse wp-login.php and the wp-admin folder unless the visitor's IP is listed.
    # Replace 111.111.111.111 / 222.222.222.222 with your own addresses. The dots are
    # escaped because an unescaped "." matches any character. admin-ajax.php is left
    # open because themes and plugins call it for anonymous visitors too.
    RewriteCond %{REQUEST_URI} wp-login\.php [OR]
    RewriteCond %{REQUEST_URI} /wp-admin(?!/admin-ajax\.php)
    RewriteCond %{REMOTE_ADDR} !^111\.111\.111\.111$
    RewriteCond %{REMOTE_ADDR} !^222\.222\.222\.222$
    RewriteRule ^(.*)$ - [R=403,L]
    </IfModule>
     
    <IfModule mod_setenvif.c>
      # xmlrpc.php: only clients whose User-Agent contains one of these strings get
      # through, which shuts out the XML-RPC brute-force bots. JetPack and similar
      # plugins need XML-RPC, so check what you rely on before using this part.
      <Files xmlrpc.php>
        BrowserMatch "Poster" allowed
        BrowserMatch "WordPress" allowed
        BrowserMatch "Windows Live Writer" allowed
        BrowserMatch "wp-iphone" allowed
        BrowserMatch "wp-android" allowed
        BrowserMatch "wp-windowsphone" allowed
     
        # Apache 2.2 access syntax. On Apache 2.4 this needs mod_access_compat,
        # or replace the next three lines with:  Require env allowed
        Order Deny,Allow
        Deny from All
        Allow from env=allowed
      </Files>
    </IfModule>

    Add this to your current .htaccess file and put it in the root folder of your site.
     
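As an added example (not the original poster's code): a small Python script that replays the logic of the posted rules over constructed Apache access-log lines, so you can see per IP what the rules would have refused, including the XML-RPC hits that a login-attempt counter alone would not show. It assumes the placeholder allow-list IPs from the post and that the wp-admin condition is meant to cover the whole folder except admin-ajax.php.

```python
import re
from collections import Counter

# Added example, not from the forum post. The allow-list IPs are the post's
# placeholders and the log lines below are constructed, not real traffic.
ALLOWED_IPS = {"111.111.111.111", "222.222.222.222"}
# Substrings the posted BrowserMatch lines look for in the User-Agent header.
XMLRPC_ALLOWED_UA = ("Poster", "WordPress", "Windows Live Writer",
                     "wp-iphone", "wp-android", "wp-windowsphone")

# Apache combined format: ip ident user [time] "method path proto" status size "referer" "ua"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
                    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')

def would_block(ip, path, ua):
    """True if the .htaccess rules would answer this request with 403.
    Assumption: the wp-admin match covers the folder except admin-ajax.php,
    which front-end code calls on behalf of anonymous visitors."""
    uri = path.split("?", 1)[0]          # REQUEST_URI carries no query string
    admin_hit = "wp-login.php" in uri or (
        "/wp-admin" in uri and not uri.endswith("/admin-ajax.php"))
    if admin_hit and ip not in ALLOWED_IPS:
        return True
    if uri.endswith("/xmlrpc.php") and not any(tag in ua for tag in XMLRPC_ALLOWED_UA):
        return True
    return False

def blocked_per_ip(lines):
    """Count, per source IP, the requests the rules would have rejected."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m and would_block(m["ip"], m["path"], m["ua"]):
            hits[m["ip"]] += 1
    return hits

SAMPLE_LOG = [  # constructed sample lines (documentation-range addresses)
    '203.0.113.7 - - [08/Mar/2016:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [08/Mar/2016:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3421 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [08/Mar/2016:10:00:05 +0000] "POST /xmlrpc.php HTTP/1.1" 200 400 "-" "python-requests/2.9"',
    '198.51.100.9 - - [08/Mar/2016:10:01:09 +0000] "POST /xmlrpc.php HTTP/1.1" 200 400 "-" "wp-android/3.0"',
    '111.111.111.111 - - [08/Mar/2016:10:01:00 +0000] "GET /wp-admin/ HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    '203.0.113.8 - - [08/Mar/2016:10:02:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 50 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, n in blocked_per_ip(SAMPLE_LOG).most_common():
        print(f"{ip}: {n} request(s) would be refused")
```

Point it at a real access log (one line per list element) to see which sources are hammering wp-login.php and xmlrpc.php and whether your allow-list covers the IPs you actually log in from.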
  2. Zwielicht

    Zwielicht Moderator Staff Member Moderator Jr. VIP

    One of my client's websites was hacked before they hired me to recover it. The person who hacked the website was using it as a link farm, so they were pissed off when I regained access and rebuilt the website from scratch after completely wiping everything off the server. They launched a brute-force attack for weeks before I finally had it and installed this plugin (along with taking several other security measures) to rename the wp-login page.
    https://wordpress.org/plugins/rename-wp-login/

    Since then, I haven't had any issues with brute-force attacks and my client's site has been clean for over a year now.

    Anyway, that's a neat little suggestion you made there about using .htaccess. I'll probably look into that one for another website I manage.
     
  3. abhi007

    abhi007 Jr. VIP Jr. VIP

    Will suggest this to our team and hopefully we can implement it.
     
  4. S2Term

    S2Term Junior Member

    Even after renaming I found I was still getting brute force lockouts.

    Use any limit login attempts plugin to see how many attempts are being made. For me it was bots through XML-RPC, so the location of your admin folder doesn't matter.
     
  5. saberfang94

    saberfang94 Junior Member

    will try this one out since it's useful to WP
     
  6. IceHD

    IceHD Power Member

    Good code, but what if you have a dynamic IP? :D For that I use Wordfence or iThemes Security; with any of these you will be way safer.
     
  7. SEO FOX

    SEO FOX Jr. VIP Jr. VIP

    Thanks for the code, Will try this.
     
  8. S2Term

    S2Term Junior Member

    Yeah, I should've mentioned that if there's a dynamic IP it's not going to work. I pretty much work at home or through a VPN, so my IPs are generally the same. I was still getting XML-RPC attacks with WordFence.
     
  9. Donbuffy

    Donbuffy Jr. VIP Jr. VIP

    Nice tut, would try it out on one of my websites :)
     
  10. Donbuffy

    Donbuffy Jr. VIP Jr. VIP

    been looking for something like this before... :)
     
  11. living2xl

    living2xl Jr. VIP Jr. VIP

    It's looking useful to be comfortable with our site. It's looking good, I'll try it.
    I update my site every minute, so hackers can't get access to my site.
    This thread is very useful for everyone.
     
  12. S2Term

    S2Term Junior Member

    If you could, report back with how it is working. So far I haven't had any issues, but I'd like to see if others are having success.