Imagery by Charly

8 Years Ago

If You Use Wordpress (wp), Beware Of Major Attempts By Hackers :(

Well I've been out of town and haven't had internet access like I'm used to. Plus it was intermittent at best. Today got WiFi and finally checked all my email and holy cow; almost 4,000! Haven't seen that in quite some time and immediately thought; bet it's hackers/robots trying to get into my website accounts. Sure enough there are thousands of attempts to access my admin dashboard and all were LOCKED out. YAY. Thank goodness I have my sites locked down pretty tight. If you don't and haven't checked your WP site lately, you might want to take a look to see that all is well.

~ Charly

 

Mike Savad

8 Years Ago

what's a WP?

---Mike Savad
MikeSavad.com

 

Greg Jackson

8 Years Ago

Word Press maybe?

 

Imagery by Charly

8 Years Ago


Whoops yes Wordpress. I'll edit OP, sorry

 

Mike Savad

8 Years Ago

i got webpage when i looked it up. that makes more sense though. don't have one... so yay...


---Mike Savad
MikeSavad.com

 

David Bridburg

8 Years Ago

Charly,

Don't know if you mean WP.org or WP.com, but I disabled the comments from day one. I have no emails ever.
Almost every single hacker attempt on a WP comes through the comments section. And if you get hacked stopping
that costs money with what others here would think of as antivirus malware, but costly malware just for websites.
Yes you can screen comments to stop this....but not entirely......as I said I take no comments ever......

Just my site, my word on my art. It is a through station with GA, Statscounter and speed for cellphones.
I do not blog on it.

Dave

 

Abbie Shores

8 Years Ago

Charly, I used to use Wordfence. That's pretty cool

Dave, yes some spam comes through comments but comments are what helps your site grow.

 

Imagery by Charly

8 Years Ago


Dave, they were not from comments as I have them set up to be moderated first; only those I allow are put up on my site. These were blatant attempts to log into my sites via admin-login user name. Of course they didn't have the correct user name, so they were immediately locked out. :)

Indeed Abbie! Wordfence is one thing I specifically rely on. It tells me who's blocked or locked out. Yet the best part is being notified when I log in or if by chance someone else logs in. Although I use WP generated passwords which makes it hard to figure out even if they did get my user name. Most of the attempts used admin, administration or imagerybycharly. A good majority came from Russia of the 100 or so I randomly checked.

 

Abbie Shores

8 Years Ago

The one thing I learned very early on was not to use a standard name for my log in name on Wordpress

 

David Gordon

8 Years Ago

I use a security plug-in that helps with spammers and hackers on my Wordpress site.

Dave Gordon
http://davegordonphotography.com

 

Abbie Shores

8 Years Ago

David, which one? We are talking about Wordfence but on another site I just started using iThemes Security

 

David Gordon

8 Years Ago

Abbie,

I am using the All in One WP Security plug-in. It has many settings that you can configure. It is free.

https://wordpress.org/plugins/all-in-one-wp-security-and-firewall/

Usually the most common way hackers attack your site is by hitting the /wp-login.php page multiple times in attempting to login. One of the features is the rename login feature to create a bypass so that your login page becomes /yoursitename.com/specialname where you assign a special page name and password. This prevents the brute force hack attacks.

Hope this helps,

Dave



 

Melany Sarafis

8 Years Ago

My WP comments are moderated so spam won't go thru unless I allow it.
I've only had a few "real" comments :-(
My blogs just don't get read, sigh....

 

Abbie Shores

8 Years Ago

Ah yes, that is what these do also. The latter one I mentioned also changes the admin ID from 1

Awww Melany!!

 

Imagery by Charly

8 Years Ago


I have my wp-admin locked down, via Wordfence, to stop attacks like this. I also have SiteLock that also helps with attacks and both make sure no malware is on my site. Outside of that I have used .htaccess to give an Access Denied page to come up if anyone tries to access any of my wp folders; especially my image folder which I created/use. Google is very good at hitting the original images uploaded, but I only put up images no more than 600px on long side at about 57kb. If people click on the page where the image is they can see it, but if they click on the original image link they are denied access. When I rebuild my sites, I'll probably change the wp folder names.

~ Charly

 


i use both wordfence and IThemes security on one of my wordpress sites but have yet to implement these on www.fineartbyandrewdavid.co.uk

 

David Bridburg

8 Years Ago

David G,

thank you for the All in One WP Sec and FW. I installed it just now and updated through it all.

I added the right click thing as well and took out my previous plugin. Now my download requests are one fewer and my time to download the site
is better again.

I had the misconception that security cost money. The reason for that was Bluehost advertises security. They want to charge for it. When I called
about the plans they offer I was told a song and dance that would cost me money.

Dave

 

David Bridburg

8 Years Ago

I have added a separate thread in this forum asking how to back up my site. I need to update my WP version to 4.3.

Any help will be appreciated.

Dave

 

David Gordon

8 Years Ago

@Dave "When I called about the plans they offer I was told a song and dance that would cost me money."

yup. I get the same thing. They used to be better. This past year lots of downtime and BS excuses like it's because I have a WP site or it's because I'm on a shared server and if I upgraded to a private server (for more money of course), my problems would go away.

You can back-up your DB from All in One WP settings.

Dave

 

Lois Bryan

8 Years Ago

Thanks for the heads up, Charly ... we've been busy doing real-life stuff lately and I hadn't checked into my blog in a bit. Just did and yipers, there were lots of icky spammy comments waiting for my blessings. Which they did not get, of course, lol!! Anyhow ... thanks again.

 

This discussion is closed.