1,023 blocked malicious login attempts. Who trying to steal my blog? Any advises?
-
My new blog growing up fast and I'm about the break the Alexa million and I discovered 1,023 blocked malicious login attempts today. I'm really got scared when I saw this number. I'm using WordPress, any advises?
-
There will definitely be cases out there like you described, Massimiliano. It's a wild world out there. We can only do so much to protect ourselves.
-
Honestly, I would strongly suggest to avoid blocking traffic on a geographic basis, these days you never know where traffic will come from and why.
User sitting in the building next to yours but accessing internet from a corporate network may appear as connecting from China.
Legit bot from services you are paying for may appear as crawling from Sweden, and other legit bot you don't even know about but which let you reach additional audience may appear as connecting from the other side of the world.
Blocking traffic is positively dangerous, the only case where I would consider it a good decision is when blocking blacklisted ips, and even this case I would suggest to secure the blacklist is updated regularly to avoid blocking false positive.
-
Eslam - Many great suggestions here of the things you can do right now to help you with these hack attempts. One thing I'd like to add is that we use a service/plugin called Sucuri. We've had good luck with it so far. You can learn more about them here: http://sucuri.net/
Regarding the approach of blocking traffic from other countries, my thought is this. Does traffic from those countries bring any value to you and do you give value to those visitors? If you answer no to this question, then why not block it? For example, a local pizza shop's website in Portland, Oregon probably doesn't care bout web traffic from Lithuania and vice versa.
-
Bulletproof Security is great and has many features to blocking such attempts and making it harder for those scripts that are just constantly scanning for the usual vulnerabilities.
-
theres a wordpress plugin you can use that limits the number of login attempts (I used to use it but I forgot the name of it)
-
Instructions here: https://wordpress.org/support/topic/how-to-change-from-wp-loginphp-to-login
-
It's won't type my password there really. I don't know ...
-
I don't think it's easy to change it because there PHP complicated things that I don't know about. But, I will search for a trusted plugin or something like that. Seems like a good solution.
-
I don't know, it's a very abuse thing to ban traffic from a country. If you are saying these attacks are automated so they are not humans?
-
I've. But, do you think it's enough. I'm talking about that I'm talking with you right now and there's someone right there trying to steal my thing. Hard feeling really.
-
I agree with Massimillano here.
Three things you should do for all common CMS systems (WP, Joomla, ect..)
First change the admin directory to something else. When doing this you likely have to edit configuration files to point to the new location which is pretty simple.
Second protect admin directory with .htaccess & .htpasswd. There is a nice generator I have used on some of my sites in the past here.
Third create a honeypot / auto IP ban for malicious crawlers or script kiddies. There are several plugins for this if you search the keywords honeypot + cms.
-
Change the name of the login page, I mean in addition to having a strong password of course.
Those automated scripts look first for the known wp login page if they don't find it the will give up, if they do they will keep trying forever and ever, an unecessary load for your servers.
-
This is a very common thing. Most of these attacks are automated, coming from China or Eastern Europe. You may consider banning traffic from those countries all together if it's not relevant to you. Change the default admin user name to something else. And do as EGOL recommended - set a really strong password. And then change that password every few months.
-
Make a really strong password.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Authorship for Company Blog -- What if Employee Leaves?
This question has been sort of asked before but I haven't found any concrete answers. We've never really had a consistent author on our company blog. We had an internal employee writing, and then we outsourced for a bit, and now we're moving back to an internal writer. With all the transientness of our authors, who should we be using for authorship? If the new writer leaves our company, they take all their AuthorRank with them. Would it make sense to post all content under one of the founders or maybe even a fictitious employee? Edit: Orrrr do we get the new author to create a separate G+ Profile tied to their company email address that we can retain control over even if they leave?
Content Development | | RealWisam0 -
Starting a Blog. New Domain vs integrated in a shop domain?
Hi everybody, We are going to start a blog for posting about topics related to our online shop and its products. Our question is... what is better in terms of SEO.... Creating it in a new domain and linking to our online store when neccessary, or integrating it in our actual online shop and take advantage of our visitors? Thank you very much in advance! Best Regards
Content Development | | fogar0 -
Same content on site blog as a separate blog. Will unpublishing on one blog evade duplicate content issues?
I just discovered my client was posting the same content as the site I'm working on for him on a separate blog. I don't want to run into duplicate content issues. Both are Wordpress sites. Will it suffice to simply unpublish duplicate entries on the other blog and leave the posts as drafts?
Content Development | | locallyrank0 -
Blog setup best practices
Does SEOmoz have any "best practices" on setting a wordpress blog? Things such as essential plugins, best practices on category structure, what to do and not to do? Thank you!
Content Development | | seomozinator0 -
Help on blog topics for my niche
I'm looking for a couple of blogging ideas to get the ball rolling (mainly in my head) for one of the company websites I am working on. The site is https://perco.co.uk The company is based around offering trenchless technology across the UK. The first couple of posts are more like 'Latest news' items and I have only really come up with an idea of 'microtunnelling vs directional drilling'. I didn't seem to get much out of ubersuggest, soovle and google instant. Has anyone got any ideas? Thanks
Content Development | | Hughescov
Shaun0 -
Short Meme/Image Posts on Blog - Will this hurt me?
Hey guys, I use Hootsuite to cross-post to twitter/facebook/google+/wordpress. It's mostly short one-sentence posts (http://minecraftserverfinder.wordpress.com/). But it's updated about 5-6 times a day and the images are relevant and interesting to my followers. Currently the wordpress page is not hosted on my main site minecraftserverfinder.com, it just links to it. I do have another blog on minecraftserverfinder.com/blog that has a couple of lengthy articles. My questions are thus: Should I keep going with these posts? Should I consolidate the blogs and host them on my main site? Thanks in advance.
Content Development | | HamburgerHelper0 -
Is it advisable to have unique pages for different cities/states though there wouldnt be any actual differentiation in the actual content.
Is it advisable to have unique pages for different cities/states though there wouldnt be any actual differentiation in the content. For example should we have separate pages for "hammers in california" & "hammers in new york". The product is same and content more or less the same. The search volume for individual queries is low but collectively makes a large number. The unique title tag automatically will generate traffic. So does it make sense to make 50 such pages. Else is there any way to uniquely target 50 such queries/month/city
Content Development | | DYo0 -
Tools to Eval Blog Content - Rate your Fav tool
Ok, so I know that is has been covered in depth and at the risk of being sent to “google it!” (Which I have done with no success) I thought that I would ask your opinions on the topic. What are the best content marketing evaluation tools? By this I am specifically referring to tools that evaluate the content of Blogs, etc and not the performance of the blog, etc. I’m eager to hear your thoughts of what works and if you care to share what tools did not. Thanks
Content Development | | Questionmana0