1,023 blocked malicious login attempts. Who is trying to steal my blog? Any advice?
-
My new blog is growing fast and I'm about to break the Alexa million, and I discovered 1,023 blocked malicious login attempts today. I got really scared when I saw this number. I'm using WordPress; any advice?
-
There will definitely be cases out there like you described, Massimiliano. It's a wild world out there. We can only do so much to protect ourselves.
-
Honestly, I would strongly suggest avoiding blocking traffic on a geographic basis; these days you never know where traffic will come from and why.
A user sitting in the building next to yours but accessing the internet from a corporate network may appear as connecting from China.
A legit bot from a service you are paying for may appear as crawling from Sweden, and other legit bots you don't even know about, but which let you reach an additional audience, may appear as connecting from the other side of the world.
Blocking traffic is positively dangerous; the only case where I would consider it a good decision is when blocking blacklisted IPs, and even in this case I would suggest making sure the blacklist is updated regularly to avoid blocking false positives.
-
Eslam - Many great suggestions here of the things you can do right now to help you with these hack attempts. One thing I'd like to add is that we use a service/plugin called Sucuri. We've had good luck with it so far. You can learn more about them here: http://sucuri.net/
Regarding the approach of blocking traffic from other countries, my thought is this. Does traffic from those countries bring any value to you and do you give value to those visitors? If you answer no to this question, then why not block it? For example, a local pizza shop's website in Portland, Oregon probably doesn't care about web traffic from Lithuania and vice versa.
-
Bulletproof Security is great and has many features for blocking such attempts and making it harder for those scripts that are just constantly scanning for the usual vulnerabilities.
-
There's a WordPress plugin you can use that limits the number of login attempts (I used to use it but I forgot the name of it).
-
Instructions here: https://wordpress.org/support/topic/how-to-change-from-wp-loginphp-to-login
-
It's won't type my password there really. I don't know ...
-
I don't think it's easy to change it because there are complicated PHP things that I don't know about. But I will search for a trusted plugin or something like that. Seems like a good solution.
-
I don't know, it's a very abusive thing to ban traffic from a country. Are you saying these attacks are automated, so they are not humans?
-
I have. But do you think it's enough? I'm talking about that I'm talking with you right now and there's someone right there trying to steal my thing. Hard feeling really.
-
I agree with Massimiliano here.
Three things you should do for all common CMS systems (WP, Joomla, etc.):
First change the admin directory to something else. When doing this you likely have to edit configuration files to point to the new location which is pretty simple.
Second protect admin directory with .htaccess & .htpasswd. There is a nice generator I have used on some of my sites in the past here.
Third create a honeypot / auto IP ban for malicious crawlers or script kiddies. There are several plugins for this if you search the keywords honeypot + cms.
-
Change the name of the login page, I mean in addition to having a strong password of course.
Those automated scripts look first for the known WP login page; if they don't find it they will give up, and if they do they will keep trying forever and ever, an unnecessary load for your servers.
-
This is a very common thing. Most of these attacks are automated, coming from China or Eastern Europe. You may consider banning traffic from those countries altogether if it's not relevant to you. Change the default admin user name to something else. And do as EGOL recommended - set a really strong password. And then change that password every few months.
-
Make a really strong password.