1,023 blocked malicious login attempts. Who trying to steal my blog? Any advises?
-
My new blog growing up fast and I'm about the break the Alexa million and I discovered 1,023 blocked malicious login attempts today. I'm really got scared when I saw this number. I'm using WordPress, any advises?
-
There will definitely be cases out there like you described, Massimiliano. It's a wild world out there. We can only do so much to protect ourselves.
-
Honestly, I would strongly suggest to avoid blocking traffic on a geographic basis, these days you never know where traffic will come from and why.
User sitting in the building next to yours but accessing internet from a corporate network may appear as connecting from China.
Legit bot from services you are paying for may appear as crawling from Sweden, and other legit bot you don't even know about but which let you reach additional audience may appear as connecting from the other side of the world.
Blocking traffic is positively dangerous, the only case where I would consider it a good decision is when blocking blacklisted ips, and even this case I would suggest to secure the blacklist is updated regularly to avoid blocking false positive.
-
Eslam - Many great suggestions here of the things you can do right now to help you with these hack attempts. One thing I'd like to add is that we use a service/plugin called Sucuri. We've had good luck with it so far. You can learn more about them here: http://sucuri.net/
Regarding the approach of blocking traffic from other countries, my thought is this. Does traffic from those countries bring any value to you and do you give value to those visitors? If you answer no to this question, then why not block it? For example, a local pizza shop's website in Portland, Oregon probably doesn't care bout web traffic from Lithuania and vice versa.
-
Bulletproof Security is great and has many features to blocking such attempts and making it harder for those scripts that are just constantly scanning for the usual vulnerabilities.
-
theres a wordpress plugin you can use that limits the number of login attempts (I used to use it but I forgot the name of it)
-
Instructions here: https://wordpress.org/support/topic/how-to-change-from-wp-loginphp-to-login
-
It's won't type my password there really. I don't know ...
-
I don't think it's easy to change it because there PHP complicated things that I don't know about. But, I will search for a trusted plugin or something like that. Seems like a good solution.
-
I don't know, it's a very abuse thing to ban traffic from a country. If you are saying these attacks are automated so they are not humans?
-
I've. But, do you think it's enough. I'm talking about that I'm talking with you right now and there's someone right there trying to steal my thing. Hard feeling really.
-
I agree with Massimillano here.
Three things you should do for all common CMS systems (WP, Joomla, ect..)
First change the admin directory to something else. When doing this you likely have to edit configuration files to point to the new location which is pretty simple.
Second protect admin directory with .htaccess & .htpasswd. There is a nice generator I have used on some of my sites in the past here.
Third create a honeypot / auto IP ban for malicious crawlers or script kiddies. There are several plugins for this if you search the keywords honeypot + cms.
-
Change the name of the login page, I mean in addition to having a strong password of course.
Those automated scripts look first for the known wp login page if they don't find it the will give up, if they do they will keep trying forever and ever, an unecessary load for your servers.
-
This is a very common thing. Most of these attacks are automated, coming from China or Eastern Europe. You may consider banning traffic from those countries all together if it's not relevant to you. Change the default admin user name to something else. And do as EGOL recommended - set a really strong password. And then change that password every few months.
-
Make a really strong password.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Updating Publishing Date on Blog Posts
Hi, We have been optimising and re-sharing old blogs posts from our feed. If we were to change the date of publishing on the posts in order to bring them to the top of our feed, would this have any negative impacts on the posts' metadata? Thanks!
Content Development | | wearehappymedia0 -
Reviving a (very) old blog - is it worth shifting the content onto a new blog?
I look after a few ecommerce sites, one of them doesn't currently have a blog, we are setting up a wordpress blog now for the site. Going way back in time the site did have a blog which was on a separate Typepad domain. What I'm wondering is whether it is worth redirecting this whole blog to the new blog section of the site and copying some of the content over to the new blog as historical posts? I don't think it will be possible to redirect each individual post to a new one so it will just be a straight redirect of the old blog domain to the new one with the same (most of anyway) content. Do you think it is worth doing this for the value of this content which is relevant but dated (many of the links are now expired)? Doing this will take some time to do so it's not 'free' content we'd be getting We have a lot of new content planned out so we won't be short of content, just would be nice to have some historical content on there too Thanks
Content Development | | PeterLeatherland0 -
Would it be smart to have 2 different blogs on our site?
I run Wick Video - where we make animated videos for businesses. We are toying around with making blog/video content geared toward marketers, _and _creating blogs/tutorials geared toward designers and animators. Since it's two totally different groups, we've had the idea of making two separate blogs. Is that a good idea? Any websites currently doing this well?
Content Development | | WickVideo0 -
Guest blog on my web site.
**I received this email from a lady who wishes to write articles and post them on my site under my news section . Ok, if its quality I dont mind hiring somebody to create a post. Her proposal is as follows and this is her email :-**Basically what I can offer is to write a couple of articles for your News section, something fun and interesting for your visitors which will hopefully drag some traffic your way. I could make them well suited to your site and I could include in each a link to a client of mine - one who wants to be exposed on a good site like yours - and for doing that I can offer you compensation of £33 for each client link - 1 per article. For example, one client is Watches of Switzerland, so I could write an article about ideal wedding gifts for a groom maybe, or something about a perfect Honeymoon destination like Switzerland, and slip a link in there. Other clients include Weddingsite and Lampcommerce - which could be included in something about making a matrimonial home. There are a few stipulations I would need to abide by, like - the article would need to be 500 words, it would need the link to be a 'do follow' link, it would need a picture or two, and it would need a couple of 'sacrifice links' (just links to Wikipedia or something to make it more Google friendly). Question. Is this what a guest article is ? and also is the format ok ? Sorry if this seems a dumb question but still learning guys . King regards to everyone Peter
Content Development | | weddingshoesandaccessories1 -
What is Moz Community and Blog Commenting System Built on?
Hi, I love the Moz blog and community so I'm just curious what it is built on. Is it built on something like a bbPress or is it custom system built in-house? Thanks!
Content Development | | fbchris0 -
Blogs, blogspot, tumblr etc
We currently have our own wordpress blog on our site using wordpress, is it worth while having others such as blogspot, tumblr etc for seo purposes? Or would I be wasting my time and efforts?
Content Development | | Shuffled0 -
How can i export al my text to 1 file ?
I like to export al my website text to 1 file, to check if the are any errors in it. How is this possible ?
Content Development | | Jorianp0 -
Can I delete an old blog post and be ok?
I wrote some blog posts on my wordpress blog a few years ago that I no longer want on my site. I have them "no index" and "no follow" but everytime I run a report on my site they still seem to pop up. If I just delete the posts will it result in a broken link for my site? Or is there another way I can go about it? Thanks guys
Content Development | | Caseman0