1,023 blocked malicious login attempts. Who is trying to steal my blog? Any advice?
-
My new blog is growing fast and I'm about to break the Alexa million, and I discovered 1,023 blocked malicious login attempts today. I really got scared when I saw this number. I'm using WordPress; any advice?
-
There will definitely be cases out there like you described, Massimiliano. It's a wild world out there. We can only do so much to protect ourselves.
-
Honestly, I would strongly suggest avoiding blocking traffic on a geographic basis; these days you never know where traffic will come from and why.
A user sitting in the building next to yours but accessing the internet from a corporate network may appear as connecting from China.
Legit bots from services you are paying for may appear as crawling from Sweden, and other legit bots you don't even know about but which let you reach an additional audience may appear as connecting from the other side of the world.
Blocking traffic is positively dangerous; the only case where I would consider it a good decision is when blocking blacklisted IPs, and even in this case I would suggest making sure the blacklist is updated regularly to avoid blocking false positives.
-
Eslam - Many great suggestions here of the things you can do right now to help you with these hack attempts. One thing I'd like to add is that we use a service/plugin called Sucuri. We've had good luck with it so far. You can learn more about them here: http://sucuri.net/
Regarding the approach of blocking traffic from other countries, my thought is this. Does traffic from those countries bring any value to you and do you give value to those visitors? If you answer no to this question, then why not block it? For example, a local pizza shop's website in Portland, Oregon probably doesn't care about web traffic from Lithuania and vice versa.
-
Bulletproof Security is great and has many features for blocking such attempts and making it harder for those scripts that are just constantly scanning for the usual vulnerabilities.
-
There's a WordPress plugin you can use that limits the number of login attempts (I used to use it but I forgot the name of it).
-
Instructions here: https://wordpress.org/support/topic/how-to-change-from-wp-loginphp-to-login
-
It's won't type my password there really. I don't know ...
-
I don't think it's easy to change it because there are complicated PHP things that I don't know about. But I will search for a trusted plugin or something like that. Seems like a good solution.
-
I don't know, it's a very abusive thing to ban traffic from a country. If you are saying these attacks are automated, so they are not humans?
-
I have. But do you think it's enough? I'm talking about that I'm talking with you right now and there's someone right there trying to steal my thing. Hard feeling really.
-
I agree with Massimiliano here.
Three things you should do for all common CMS systems (WP, Joomla, etc.):
First, change the admin directory to something else. When doing this you likely have to edit configuration files to point to the new location, which is pretty simple.
Second, protect the admin directory with .htaccess & .htpasswd. There is a nice generator I have used on some of my sites in the past here.
Third, create a honeypot / auto IP ban for malicious crawlers or script kiddies. There are several plugins for this if you search the keywords honeypot + cms.
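
The auto IP ban in the third step, and the login-attempt limiting suggested elsewhere in this thread, both reduce to counting failed logins per address; the Python below is an added example, not part of the original post or any plugin's code. It assumes a combined-format access log, the default `/wp-login.php` path and illustrative thresholds, and the log lines in it are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined access-log format: client IP, [timestamp], "request line", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

# Thresholds below are illustrative assumptions, not values from the thread.
def find_bruteforce_ips(lines, max_attempts=5, window=timedelta(minutes=10),
                        allowlist=frozenset()):
    """Map each offending IP to the time it exceeded max_attempts in window."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside window
    flagged = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST" or m["status"] != "200":
            continue  # stock WordPress: failed login = 200, success = 302
        if m["path"].split("?")[0] != "/wp-login.php":
            continue
        ip = m["ip"]
        if ip in allowlist or ip in flagged:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # forget attempts older than the window
            q.popleft()
        if len(q) > max_attempts:
            flagged[ip] = ts
    return flagged

def active_bans(flagged, now, ban_for=timedelta(hours=24)):
    """Bans expire so a shared or reassigned address is not blocked forever."""
    return sorted(ip for ip, since in flagged.items() if now - since < ban_for)

# Constructed sample log lines (documentation-range IPs), not real traffic.
def _line(ip, minute, second, method="POST", status=200):
    return (f'{ip} - - [12/Mar/2024:10:{minute:02d}:{second:02d} +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 1234 "-" "sample"')

SAMPLE_LOG = (
    [_line("203.0.113.7", 0, s) for s in range(0, 40, 5)]   # 8 failures in 35 s
    + [_line("198.51.100.20", m, 0) for m in (0, 20, 40)]   # occasional typos
    + [_line("198.51.100.20", 41, 0, status=302)]           # successful login
    + [_line("192.0.2.9", 5, 0, method="GET")]              # only loads the form
)
```

The expiry in `active_bans` and the `allowlist` parameter address the false-positive concern raised earlier in the thread: a ban list that is never pruned ends up blocking legitimate visitors.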
-
Change the name of the login page, I mean in addition to having a strong password of course.
Those automated scripts look first for the known WP login page; if they don't find it they will give up, if they do they will keep trying forever and ever, an unnecessary load for your servers.
-
This is a very common thing. Most of these attacks are automated, coming from China or Eastern Europe. You may consider banning traffic from those countries altogether if it's not relevant to you. Change the default admin user name to something else. And do as EGOL recommended - set a really strong password. And then change that password every few months.
-
Make a really strong password.