
Somebody is continuously trying to HACK into my sites!

Discussion in 'Black Hat SEO' started by Jason H, Jan 1, 2013.

  1. Jason H

    Jason H Registered Member

    Joined:
    Jul 13, 2011
    Messages:
    86
    Likes Received:
    12
    For the past 2 weeks, somebody has been continuously forcefully logging into my WordPress Admin CP.

    I have this security plugin "Limited Login Attempt" that blocks users, by IP, who attempt a brute login after a certain number of attempts... they're locked out for a certain period of time and I get sent a notification email.

    I've been getting around 20 lockouts a day... all from different IP addresses (so they're using proxies, or this is some sort of bots being sent to do it).

    I no longer use the "admin" username, but this is becoming intolerable.

    What can I do? Any advice?
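
A per-IP lockout plugin sees each address separately, so a login flood spread over many proxies, as described in the post above, arrives only as unrelated lockout emails. The Python below is an added example, not part of the original thread: it counts failed wp-login.php POSTs per hour across all sources in an Apache combined-format access log. The sample log lines, the `min_ips` threshold and the rule that a POST answered with 200 is a failed login are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache "combined" format: ip ident user [time] "METHOD path proto" status ...
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def failed_logins(lines):
    """Yield (timestamp, ip) for each failed POST to wp-login.php.

    Assumption: a failed login re-renders the form with status 200, while a
    successful one answers with a 302 redirect.
    """
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "POST" or m["status"] != "200":
            continue
        if m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            yield datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"), m["ip"]

def distributed_attempts(lines, min_ips=5):
    """Return [(hour_start, distinct_ips, failures)] for every hour in which at
    least min_ips different addresses failed a login (assumed threshold)."""
    per_hour = defaultdict(lambda: defaultdict(int))
    for ts, ip in failed_logins(lines):
        per_hour[ts.replace(minute=0, second=0)][ip] += 1
    return [
        (hour, len(ips), sum(ips.values()))
        for hour, ips in sorted(per_hour.items())
        if len(ips) >= min_ips
    ]

# Constructed sample log (documentation-range addresses, not real traffic)
_HIT = '{ip} - - [01/Jan/2013:{t} +0000] "{req} HTTP/1.1" {st} 3120 "-" "-"'
SAMPLE = [
    _HIT.format(ip=f"203.0.113.{i}", t=f"10:{i:02d}:{s:02d}", req="POST /wp-login.php", st=200)
    for i in range(1, 7) for s in range(3)
] + [
    _HIT.format(ip="198.51.100.9", t="10:30:00", req="POST /wp-login.php", st=302),
    _HIT.format(ip="198.51.100.9", t="11:05:00", req="GET /wp-login.php", st=200),
    _HIT.format(ip="192.0.2.44", t="11:10:00", req="POST /wp-login.php", st=200),
]

if __name__ == "__main__":
    for hour, ips, failures in distributed_attempts(SAMPLE):
        print(f"{hour:%Y-%m-%d %H:00} {failures} failed logins from {ips} addresses")
```

In the sample, six addresses make three attempts each within one hour; the successful login, the GET request and the lone failure in the next hour are not flagged.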
     
  2. twitter.followers

    twitter.followers Elite Member

    Joined:
    Mar 23, 2011
    Messages:
    1,768
    Likes Received:
    2,208
    Install some more security plugins which will decrease the chances of their successful login.
    Also, if you have a static IP, you could whitelist your IP which would allow only you to access the /wp-admin/ page.
    But don't use this method if you have a dynamic IP since then you won't be able to log in yourself.
     
  3. goodtimes

    goodtimes Power Member

    Joined:
    Jan 25, 2009
    Messages:
    530
    Likes Received:
    572
  4. cgimaster

    cgimaster Power Member

    Joined:
    Jun 30, 2012
    Messages:
    525
    Likes Received:
    311
    Gender:
    Male
    Add htaccess to password protect it so you get double protection.

    He will have to bypass Apache's authentication to even get a chance of reaching the admin auth which will decrease the usage a little.

    EDIT: this should do what I suggest above as a plugin so you can easily use it: http://www.askapache.com/wordpress/htaccess-password-protect.html
     
    Last edited: Jan 1, 2013
  5. Smart SEO

    Smart SEO Senior Member

    Joined:
    Apr 17, 2011
    Messages:
    857
    Likes Received:
    759
    Location:
    Google HQ
    I had this issue with a popular site of mine a while back. I tried lots of security plugins but honestly none helped (or maybe the hacker(s) were good enough to bypass them). The solution I managed to come up with is to phone my ISP and ask them to get a static IP. Once they give you one, only allow your IP to access the admin panel. It's the safest option in my opinion. Good luck
     
  6. Zapdos

    Zapdos Power Member

    Joined:
    Oct 22, 2011
    Messages:
    597
    Likes Received:
    708
    Location:
    Eastern North Carolina
    Limit the admin directory to your IP only. You could also use htaccess to password protect the directory.
     
  7. cgimaster

    cgimaster Power Member

    Joined:
    Jun 30, 2012
    Messages:
    525
    Likes Received:
    311
    Gender:
    Male
    Well, you don't really need a static IP; you could block it to everyone using an htaccess and unblock it using FTP when you need to access it by adding your current IP to the list.
     
  8. TechWizard

    TechWizard Newbie

    Joined:
    Dec 30, 2012
    Messages:
    23
    Likes Received:
    1
    Keep changing your password!
     
  9. seothtt

    seothtt Newbie

    Joined:
    Dec 14, 2012
    Messages:
    14
    Likes Received:
    6
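    If you have access to your WHM, log in, go to "Service Configuration", "Apache Configuration", "Include Editor", "Pre VirtualHost Include", "All Versions"

    Put this in there:

    # Restrict the WordPress admin directory to one address (Apache 2.2 syntax).
    # The pattern is a regex matched against the directory's filesystem path.
    # This also blocks wp-admin/admin-ajax.php, which some themes and plugins call for ordinary visitors.
    <Directory ~ "/wp-admin">
    Order Deny,Allow
    Deny from all
    # Replace xxx.xxx.xxx.xxx with your IP (comments must sit on their own line)
    Allow from xxx.xxx.xxx.xxx
    </Directory>

    # Same restriction for the login script, which lives outside wp-admin.
    # On Apache 2.4 the three access lines become: Require ip xxx.xxx.xxx.xxx
    <Files wp-login.php>
    Order Deny,Allow
    Deny from all
    # Replace xxx.xxx.xxx.xxx with your IP
    Allow from xxx.xxx.xxx.xxx
    </Files>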

    Save and restart Apache. This will only allow anyone from that IP to access your wp-admin or wp-login areas. Since I have done this, I haven't had a single problem. If you find you need to access your site from a different IP, just log into your WHM and change the IP.

    Thanks,
    Richard
     
    • Thanks Thanks x 5
  10. Jason H

    Jason H Registered Member

    Joined:
    Jul 13, 2011
    Messages:
    86
    Likes Received:
    12
    thanks for all the great suggestions
     
  11. bonzo90

    bonzo90 Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 2, 2012
    Messages:
    505
    Likes Received:
    270
    Location:
    EU
    Make a small graphical change to your wp-admin page with a massive picture of a dick on it saying, f**K off you cock!
     
  12. MrOctopus

    MrOctopus Newbie

    Joined:
    Jun 20, 2012
    Messages:
    37
    Likes Received:
    12
    You can change the wp-admin URL to something else, it's a fairly straightforward thing to do - the process is explained on the WP Codex page about hardening.
     
    • Thanks Thanks x 1
  13. MarthaJos

    MarthaJos BANNED BANNED

    Joined:
    Jul 6, 2012
    Messages:
    42
    Likes Received:
    10
    I had the same issue a while back. There was not a single plugin which I didn't use, but those guys who were trying to get into the admin panel of my website were pretty good.
    Then I searched for many solutions, which include:
    1. Get a static IP. This will solve the problem by almost 99% until they find out that particular IP.

    This is my fav and I'm currently using this.
    2. Create two .htaccess files for your WP blog.
    Normal .htaccess: which enables the access to /wp-admin/ and .htaccess file itself from your static IP.
    Protected .htaccess: which disables the access to /wp-admin/ and .htaccess file itself from any IP.

    Add this code in your current .htaccess file
    Normal .htaccess file:
    # <Directory> is accepted only in the server or virtual-host configuration.
    # In an .htaccess file, put the lines inside it, without the wrapper, in wp-admin/.htaccess.
    <Directory ~ "/wp-admin">
    Order Deny,Allow
    Deny from all
    # Replace xxx.xxx.xxx.xxx with your IP (comments must sit on their own line)
    Allow from xxx.xxx.xxx.xxx
    </Directory>


    # <Files> is allowed in .htaccess; this covers the login script outside wp-admin
    <Files wp-login.php>
    Order Deny,Allow
    Deny from all
    # Replace xxx.xxx.xxx.xxx with your IP
    Allow from xxx.xxx.xxx.xxx
    </Files>
    ------------------------------
    Protected .htaccess file

    # Same placement note as above: <Directory> is not accepted inside .htaccess
    <Directory ~ "/wp-admin">
    Order Deny,Allow
    Deny from all
    </Directory>


    # No Allow line: every address is refused until the normal file is uploaded again
    <Files wp-login.php>
    Order Deny,Allow
    Deny from all
    </Files>

    FTP the normal .htaccess file when you need to log in to the admin panel.
    FTP back the protected .htaccess file when your work in the admin panel is done.

    This way you will be more secure.
    Thank me if I was helpful.
     
    • Thanks Thanks x 1
  14. tophi

    tophi Regular Member

    Joined:
    Sep 7, 2012
    Messages:
    402
    Likes Received:
    72
    I have had this issue for 1 year. 2 of my blogs are brute forced daily, I use better-wp-security and I'm still not hacked :D matter of time I guess hehehe