1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[URGENT] Someone is trying to HACK my WP site

Discussion in 'Blogging' started by newon, Sep 18, 2016.

  1. newon

    newon Power Member

    Joined:
    Dec 16, 2011
    Messages:
    524
    Likes Received:
    85
    Since last few hours someone is trying hack my WP site. In last 4 hours more than 500 attemps on my login page.
    >> I changed password to more harder one
    >> I keep blocking IPs .... but he's changing IP frequently
    >> I've added IP block for more than 5 missed attempts.

    What more should I do... please please please help... It's URGENT
     
  2. blogzandstuff

    blogzandstuff Elite Member

    Joined:
    Jan 1, 2015
    Messages:
    5,174
    Likes Received:
    2,392
    Occupation:
    blog creator
    Location:
    UK
    • Thanks Thanks x 1
  3. newon

    newon Power Member

    Joined:
    Dec 16, 2011
    Messages:
    524
    Likes Received:
    85
  4. newon

    newon Power Member

    Joined:
    Dec 16, 2011
    Messages:
    524
    Likes Received:
    85
    Now the attack is SEVERE... 1 attempt in every 10 secs.
    My God, can't understand what to do
     
  5. blogzandstuff

    blogzandstuff Elite Member

    Joined:
    Jan 1, 2015
    Messages:
    5,174
    Likes Received:
    2,392
    Occupation:
    blog creator
    Location:
    UK
    I always do 1 and from my isp only, nothing more to do
     
  6. sergenthw

    sergenthw Regular Member

    Joined:
    May 19, 2016
    Messages:
    224
    Likes Received:
    38
    Dont be a child. I hate child
    You dont even have to worry if he is attempting brute force
    If you set password like 3jf2#jw$!33j9a there's zero chance he brute force that
    I doubt this but If he is trying some unsual way than just backup your web and close site for few days
    Or you could just buy Wpfence country block module and block the country
     
    • Thanks Thanks x 1
  7. tz4bu

    tz4bu Junior Member

    Joined:
    Jul 19, 2012
    Messages:
    136
    Likes Received:
    12
    Change the admin username also.
     
  8. GhostVision

    GhostVision Jr. VIP Jr. VIP

    Joined:
    Aug 3, 2010
    Messages:
    592
    Likes Received:
    114
    Occupation:
    Online
    Location:
    Dreams
    If you have a strong password... relax :D
     
    • Thanks Thanks x 2
  9. jamulair

    jamulair Junior Member

    Joined:
    Aug 13, 2014
    Messages:
    147
    Likes Received:
    12
    Location:
    The Boondocks
    change it to something like fjio9234uf984fj981jthtn(*)E&W(*TRF&(WESH then youll be fine lmao there is no way he can get in with something like that
     
    • Thanks Thanks x 1
  10. newon

    newon Power Member

    Joined:
    Dec 16, 2011
    Messages:
    524
    Likes Received:
    85
    Those give some relaxation... Have a harder PW now (like you showed), WPFence installed, Backing up all data now.
     
  11. Bigstar20

    Bigstar20 Jr. VIP Jr. VIP

    Joined:
    May 22, 2014
    Messages:
    263
    Likes Received:
    90
    Location:
    Australia
    As someone else mentioned, change the USERNAME, then in wpfence select the option that blocks anyone entering the wrong username - they will normally try to use the word "admin".
     
  12. linuxmansf

    linuxmansf Newbie

    Joined:
    Dec 30, 2014
    Messages:
    14
    Likes Received:
    2
    don't worry. it seems just a try by a kid :)
     
    • Thanks Thanks x 1
  13. Nut-Nights

    Nut-Nights Jr. VIP Jr. VIP

    Joined:
    Jun 20, 2013
    Messages:
    5,039
    Likes Received:
    3,208
    Location:
    Hell
    Home Page:
    OP your age please ?
     
  14. AckAck

    AckAck Jr. VIP Jr. VIP

    Joined:
    Jun 27, 2011
    Messages:
    319
    Likes Received:
    63
  15. GhostVision

    GhostVision Jr. VIP Jr. VIP

    Joined:
    Aug 3, 2010
    Messages:
    592
    Likes Received:
    114
    Occupation:
    Online
    Location:
    Dreams
    Username change not help :) is a trick to find de admin username.. only a good password is safe :)
     
    • Thanks Thanks x 1
  16. Jurr29

    Jurr29 Registered Member

    Joined:
    Sep 1, 2013
    Messages:
    80
    Likes Received:
    43
    Are you, by any chance, using Cloudflare on your site? If you are, then there is an excellent solution to this problem.
     
  17. shanna_doll

    shanna_doll Power Member

    Joined:
    Apr 10, 2012
    Messages:
    653
    Likes Received:
    323
    Location:
    Bosnia and Herzegovina
    Delete wp login page from the server :p
     
  18. ePrime

    ePrime Jr. VIP Jr. VIP

    Joined:
    Aug 16, 2014
    Messages:
    273
    Likes Received:
    105
    Just change the admin directory name from wp_admin to something else (you'll also have to update the config file AFAIK)
    And, password protect that directory from your cPanel.
     
  19. norkodeo

    norkodeo Jr. VIP Jr. VIP

    Joined:
    Feb 1, 2014
    Messages:
    685
    Likes Received:
    148
    Location:
    Europe
    Home Page:
    I dont know if someone mentioned this already but you can :
    1) Change your WP-admin page address - by default it is http://xxx.com/wp-admin - and you can change it to xxx.com/donaldtrumpneverwins
    And I can bet that no one will find this "login" page to massively attack with logins.
    2) Its called CLEF - just google for "get clef" - its 2 steps verification with your phone using your phone camera and barcodes - so in this case you can be much more safe and none of Pakistani haxors will take down your site.
     
    • Thanks Thanks x 2
  20. iwebsocial

    iwebsocial Junior Member

    Joined:
    May 31, 2014
    Messages:
    146
    Likes Received:
    20
    Gender:
    Male
    Occupation:
    Blogger
    Location:
    India
    Hackers are everywhere in online world. You must have to take some precautions and preventive steps to make sure that your site is safe from hackers. Always use a security plugin for your blog. Change your admin username and change your passwords frequently. Change the prefix of the database table where your WordPress site is install. Use captcha on your site registration and login pages.