1,023 blocked malicious login attempts. Who trying to steal my blog? Any advises?
-
My new blog growing up fast and I'm about the break the Alexa million and I discovered 1,023 blocked malicious login attempts today. I'm really got scared when I saw this number. I'm using WordPress, any advises?
-
There will definitely be cases out there like you described, Massimiliano. It's a wild world out there. We can only do so much to protect ourselves.
-
Honestly, I would strongly suggest to avoid blocking traffic on a geographic basis, these days you never know where traffic will come from and why.
User sitting in the building next to yours but accessing internet from a corporate network may appear as connecting from China.
Legit bot from services you are paying for may appear as crawling from Sweden, and other legit bot you don't even know about but which let you reach additional audience may appear as connecting from the other side of the world.
Blocking traffic is positively dangerous, the only case where I would consider it a good decision is when blocking blacklisted ips, and even this case I would suggest to secure the blacklist is updated regularly to avoid blocking false positive.
-
Eslam - Many great suggestions here of the things you can do right now to help you with these hack attempts. One thing I'd like to add is that we use a service/plugin called Sucuri. We've had good luck with it so far. You can learn more about them here: http://sucuri.net/
Regarding the approach of blocking traffic from other countries, my thought is this. Does traffic from those countries bring any value to you and do you give value to those visitors? If you answer no to this question, then why not block it? For example, a local pizza shop's website in Portland, Oregon probably doesn't care bout web traffic from Lithuania and vice versa.
-
Bulletproof Security is great and has many features to blocking such attempts and making it harder for those scripts that are just constantly scanning for the usual vulnerabilities.
-
theres a wordpress plugin you can use that limits the number of login attempts (I used to use it but I forgot the name of it)
-
Instructions here: https://wordpress.org/support/topic/how-to-change-from-wp-loginphp-to-login
-
It's won't type my password there really. I don't know ...
-
I don't think it's easy to change it because there PHP complicated things that I don't know about. But, I will search for a trusted plugin or something like that. Seems like a good solution.
-
I don't know, it's a very abuse thing to ban traffic from a country. If you are saying these attacks are automated so they are not humans?
-
I've. But, do you think it's enough. I'm talking about that I'm talking with you right now and there's someone right there trying to steal my thing. Hard feeling really.
-
I agree with Massimillano here.
Three things you should do for all common CMS systems (WP, Joomla, ect..)
First change the admin directory to something else. When doing this you likely have to edit configuration files to point to the new location which is pretty simple.
Second protect admin directory with .htaccess & .htpasswd. There is a nice generator I have used on some of my sites in the past here.
Third create a honeypot / auto IP ban for malicious crawlers or script kiddies. There are several plugins for this if you search the keywords honeypot + cms.
-
Change the name of the login page, I mean in addition to having a strong password of course.
Those automated scripts look first for the known wp login page if they don't find it the will give up, if they do they will keep trying forever and ever, an unecessary load for your servers.
-
This is a very common thing. Most of these attacks are automated, coming from China or Eastern Europe. You may consider banning traffic from those countries all together if it's not relevant to you. Change the default admin user name to something else. And do as EGOL recommended - set a really strong password. And then change that password every few months.
-
Make a really strong password.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Why is my DA 1?!
Hi all, I blog at www.thebeautyswatch.com and have a dismal DA of 1! Does anyone know why? Thanks, H
Content Development | | HarrietB0 -
Should I move my blog to my other domain ?
i have 2 ecommerce sites with 2 separate blogs, I m planning to redirect-301 one of the sites to the other. I want to move the blog content from the older site to the other site. Can just copy the content to the new site and combine with the existing blog content.? I would appreciate any suggestions on this topic. thank you nick
Content Development | | orion680 -
Where can I install a blog (not on the domain I'm optimising) which will help my search rankings?
I've got my hands tied, and I cannot install a blog like Wordpress on the domain I'm optimising. My question is, where then, would the next best place be? I've heard stories about subdomains being completely useless for affecting SEO of the root domain, and so anything external would probably have the same effect, correct? Would love to hear what some of you do in these situations. Cheers!
Content Development | | featherseo0 -
Is it Possible for an Internal Page to Rank for Various Terms Based ONLY on Blogging Anchor Text?
Hi everyone, Our company provides about 6 different services, each with a specific page on our website: 1. Accept ACH Payments (/accept_ach_payments.html) 2. Client Management & Billing Software (/customer_management.html) 3. Small Business Merchant Accounts (/small_business_merchant_account.html) etc etc Now, here's the question. One of our blogging strategies is to write content about how our online platform can help various types of businesses manage and grow their business. "5 Ways Fitness Business Can...." "How Law Firms Can Benefit...." etc In these blog posts, we don't specify our product, but we do link back into one of those main service pages, so I might link fitness management software to the Client Management & Billing Software (/customer_management.html) page as well as legal billing software to the same client management page Since there are so many different companies that could use our software, we don't want to include them on the Cl_i_ent Management & Billing Software page. That page is just about the benefits of the system and how it works as a great CRM. So....to make a long question short, are we able to rank the Client Management page for "fitness management software" and "legal billing software" if we don't use those terms on the "client management" page itself, and only use it as the anchor text when linking? Instead of making a separate page about how we can be used as a fitness management platform, we'd like our "client management" page to rank for various terms like "fitness management software" "legal billing software" "online church donation software" etc BUT, we don't want to bloat the client management page will all those other topics and content. Hope that makes sense, Patrick
Content Development | | SmallBizSmarts0 -
Blog on domain or sub-domain
Hi, I am looking to incorporate a blog that currently sits on another domain into my site. I am not sure whether to do this as part of my domain or as a sub-domain e.g. mydomain.com.au/blog blog.mydomain.com.au I can see the benefits from an SEO perspective for both but just wanted some advice on the best way to go.
Content Development | | landonkahn0 -
Best Blog Engine
We currently are using blogengine.net 1.6 and it's proving to be an SEO nightmare, with link loops causing infinite "duplicate content". I am trying to find the best blog solution as far as ease of use, clean content and good SEO. What do you use? What do you suggest? Thanks!
Content Development | | QuickLearnTraining0 -
Should I delete old or unrelevant posts in my blog? (Panda Update question)
I have a website where I post articles every few weeks.. Should I remove the outdated and unrevelant posts? I fear that google might punish my website in the Panda update.
Content Development | | wellnesswooz0 -
How to Integrate a Wordpress Blog into my Website
We are looking at integrating a blog into our website. Unfortunately, our content management system is very clunky and not set up to quickly publish blog style content. I'd like to use Wordpress and set up the blog as a subdomain of my company website. Our URL is www.blockandcompany.com so the blog URL would be www.blog.blockandcompany.com. Is it correct to say that if the blog is set up this way, the search engines will see the regular website and the Wordpress hosted blog as one big site? I want to use the blog to write keyword-rich content, but I don't want to divide my SEO "equity" between two separate sites. Any advice?
Content Development | | Blockinc1