1,023 blocked malicious login attempts. Who trying to steal my blog? Any advises?
-
My new blog growing up fast and I'm about the break the Alexa million and I discovered 1,023 blocked malicious login attempts today. I'm really got scared when I saw this number. I'm using WordPress, any advises?
-
There will definitely be cases out there like you described, Massimiliano. It's a wild world out there. We can only do so much to protect ourselves.
-
Honestly, I would strongly suggest to avoid blocking traffic on a geographic basis, these days you never know where traffic will come from and why.
User sitting in the building next to yours but accessing internet from a corporate network may appear as connecting from China.
Legit bot from services you are paying for may appear as crawling from Sweden, and other legit bot you don't even know about but which let you reach additional audience may appear as connecting from the other side of the world.
Blocking traffic is positively dangerous, the only case where I would consider it a good decision is when blocking blacklisted ips, and even this case I would suggest to secure the blacklist is updated regularly to avoid blocking false positive.
-
Eslam - Many great suggestions here of the things you can do right now to help you with these hack attempts. One thing I'd like to add is that we use a service/plugin called Sucuri. We've had good luck with it so far. You can learn more about them here: http://sucuri.net/
Regarding the approach of blocking traffic from other countries, my thought is this. Does traffic from those countries bring any value to you and do you give value to those visitors? If you answer no to this question, then why not block it? For example, a local pizza shop's website in Portland, Oregon probably doesn't care bout web traffic from Lithuania and vice versa.
-
Bulletproof Security is great and has many features to blocking such attempts and making it harder for those scripts that are just constantly scanning for the usual vulnerabilities.
-
theres a wordpress plugin you can use that limits the number of login attempts (I used to use it but I forgot the name of it)
-
Instructions here: https://wordpress.org/support/topic/how-to-change-from-wp-loginphp-to-login
-
It's won't type my password there really. I don't know ...
-
I don't think it's easy to change it because there PHP complicated things that I don't know about. But, I will search for a trusted plugin or something like that. Seems like a good solution.
-
I don't know, it's a very abuse thing to ban traffic from a country. If you are saying these attacks are automated so they are not humans?
-
I've. But, do you think it's enough. I'm talking about that I'm talking with you right now and there's someone right there trying to steal my thing. Hard feeling really.
-
I agree with Massimillano here.
Three things you should do for all common CMS systems (WP, Joomla, ect..)
First change the admin directory to something else. When doing this you likely have to edit configuration files to point to the new location which is pretty simple.
Second protect admin directory with .htaccess & .htpasswd. There is a nice generator I have used on some of my sites in the past here.
Third create a honeypot / auto IP ban for malicious crawlers or script kiddies. There are several plugins for this if you search the keywords honeypot + cms.
-
Change the name of the login page, I mean in addition to having a strong password of course.
Those automated scripts look first for the known wp login page if they don't find it the will give up, if they do they will keep trying forever and ever, an unecessary load for your servers.
-
This is a very common thing. Most of these attacks are automated, coming from China or Eastern Europe. You may consider banning traffic from those countries all together if it's not relevant to you. Change the default admin user name to something else. And do as EGOL recommended - set a really strong password. And then change that password every few months.
-
Make a really strong password.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
2 Domains, 1 Brand - Content Marketing Strategy Question
I have a customer that has two separate locations for the same business on two different URLs (both connected via Landing Page). I cannot change this. They are in the powersports industry (snowmobiles, ATVs, motorcycles, dirt bikes, etc). The locations are about 10 miles from one another, essentially sell the same brands & products (there are 1 or 2 exceptions), have the same target audience (local & from out-of-state), and have the same goals. They currently rank #1 and #2 for their industry in their area. They now want a content marketing strategy. I face limitations with the CMS (no blog abilities and technical issues that are out of my control), and content marketing can really only consist of custom graphics & custom page creation. Typically, custom pages are utilized by creating Brand Pages describing the major brands to built out authority in those categories, and then try to branch out from there to create individual product-category pages with more unique content to answer more of a question based on the intent. I am very concerned about creating content that will be too similar between the two locations and will thus compete with the other location, so I am thinking I should devise a completely different strategy for 1 location over the other. Is that a good idea? I think with the smaller location, I choose the typical route of creating brand pages, product pages, etc, and then with the bigger location, try to focus on unique content such as buyer's guide, local SEO ideas about the area, FAQs, testimonials, etc. Thoughts/ideas?
Content Development | | Crichardson19900 -
Content Writing - it should be for the main corporate site, blog or for social media?
Hi There, I have my main site : example.com and a related blog https://blog.example.com/ My management does not believe frequent content posting on the example.com My Queries 1- Will it help boost ranking of **example.com **if we share frequent content on our blog https://blog.example.com/? How much impact it has? 2- Every body says content is the king, Ok fine, but when you are not allowed to share it on the main corporate site, then where to share it? Blog and social media sites? please help. 3- We are in a business where clients do not bother to go on sites and read, so in this scenario is it correct to say that you hav to create the content for search engine consumption even when your clients dont need it/or have not in the habit of reading it? Hope somebody will enligten me caught in catch 22. Regards Tanveer
Content Development | | Sequelmed1 -
Looking for a Proof Reader for a Moz Blog Post..
Hello everybody, After being here for 4 years I decided to write a post for YouMoz. That was about 3 months ago, and while I have read, re-read and proofed this thing a dozen times since, I know my own limits. I honestly want the post to be the best it can be, and while I stand by my article, I know my forte is not with writing. My article is about Beginning SEO and Where to Start, yes it maybe cliche but I find myself answering many of the questions on these QA boards that I address in this article. It would be nice to have a post I could point to when such situations arise. What I'm looking for is one or two persons with a strong knowledge of basic SEO, the ability to understand me (a cluttered mind), and strong grammar skills. Credit will be given to those who want it. The article is basically in what I consider a finished state, I just need to add a compendium video for one of the sections. I have done my own artwork, research, and document design. I just need a keen eye to snuff out those grammar errors I always miss and somebody to tell me if a section doesn't make sense. If you are interested please let me know here, or send me a PM. I would like to have something to review to make my selection so if you're not active here, a link to where you are would be beneficial. I know that might be asking a lot; help and you also get vetted, but the idea is I don't want to send out what I think is a very good article only to see it appear on another site. Thank you, Don P.S. To the Moz staff. Once I make my selection I will mark at least one response as Good so it don't keep annoying you as an un-answered question.
Content Development | | donford1 -
Blog Frequency
Hi, We have a new blog, we write 4 blogs per month and have been posting all 4 in one go at the same time per month. Would it be more beneficial to post the blogs 1 per week or does it not matter? Also, is 4 blog 250 word blogs per month enough or should we be doing more? Thanks Andrew
Content Development | | Studio330 -
Best place for a blog blog.mydomain.com or mydomain.com/blog
We have used blogs on a good number of client sites and always got good results from having them. However do you feel its best to have a blog as a subdomain or included in the site ie blog.mydomain.com or mydomain.com/blog
Content Development | | tempowebdesign0 -
Name Some Ecommerce Sites That NAIL Blogging
Have a few favorites but would like to get some other people's opinions on some ecommerce sites that are doing blogging RIGHT. Who is supporting their online marketing with an amazing blog? One of my favorites is Backcountry.com's The Goat (http://thegoat.backcountry.com/) Let me know!
Content Development | | GManSEO1 -
Deleting a Wordpress Blog Page with no inbound links?
What are the concerns I should have in deleting a WordPress Page that is no longer relevant or a duplicate? Note: This would be a page that does not have any inbound links to it.
Content Development | | CMCD0 -
A Blogs appearance
What are peoples opinions on a blog and its appearance in relation to a site. The two ways being - 1. A Blog that is fully fitting within the theme of the main website. 2. A seperate entity following a standard wordpress theme Now I have seen many different scenarios and I wanted to share some experiences and gain insight from other people on here. I once spoke to a web designer who totally frowned upon the idea of it being a separate entity. "It looks cheap it doesn't fit within the design" My thoughts are benefits can been found with having a separate looking blog it provides that realistic "student" type look and feel adding a "realistic" angle. Thanks for your opinions,
Content Development | | onlinemediadirect0