1,023 blocked malicious login attempts. Who trying to steal my blog? Any advises?
-
My new blog growing up fast and I'm about the break the Alexa million and I discovered 1,023 blocked malicious login attempts today. I'm really got scared when I saw this number. I'm using WordPress, any advises?
-
There will definitely be cases out there like you described, Massimiliano. It's a wild world out there. We can only do so much to protect ourselves.
-
Honestly, I would strongly suggest to avoid blocking traffic on a geographic basis, these days you never know where traffic will come from and why.
User sitting in the building next to yours but accessing internet from a corporate network may appear as connecting from China.
Legit bot from services you are paying for may appear as crawling from Sweden, and other legit bot you don't even know about but which let you reach additional audience may appear as connecting from the other side of the world.
Blocking traffic is positively dangerous, the only case where I would consider it a good decision is when blocking blacklisted ips, and even this case I would suggest to secure the blacklist is updated regularly to avoid blocking false positive.
-
Eslam - Many great suggestions here of the things you can do right now to help you with these hack attempts. One thing I'd like to add is that we use a service/plugin called Sucuri. We've had good luck with it so far. You can learn more about them here: http://sucuri.net/
Regarding the approach of blocking traffic from other countries, my thought is this. Does traffic from those countries bring any value to you and do you give value to those visitors? If you answer no to this question, then why not block it? For example, a local pizza shop's website in Portland, Oregon probably doesn't care bout web traffic from Lithuania and vice versa.
-
Bulletproof Security is great and has many features to blocking such attempts and making it harder for those scripts that are just constantly scanning for the usual vulnerabilities.
-
theres a wordpress plugin you can use that limits the number of login attempts (I used to use it but I forgot the name of it)
-
Instructions here: https://wordpress.org/support/topic/how-to-change-from-wp-loginphp-to-login
-
It's won't type my password there really. I don't know ...
-
I don't think it's easy to change it because there PHP complicated things that I don't know about. But, I will search for a trusted plugin or something like that. Seems like a good solution.
-
I don't know, it's a very abuse thing to ban traffic from a country. If you are saying these attacks are automated so they are not humans?
-
I've. But, do you think it's enough. I'm talking about that I'm talking with you right now and there's someone right there trying to steal my thing. Hard feeling really.
-
I agree with Massimillano here.
Three things you should do for all common CMS systems (WP, Joomla, ect..)
First change the admin directory to something else. When doing this you likely have to edit configuration files to point to the new location which is pretty simple.
Second protect admin directory with .htaccess & .htpasswd. There is a nice generator I have used on some of my sites in the past here.
Third create a honeypot / auto IP ban for malicious crawlers or script kiddies. There are several plugins for this if you search the keywords honeypot + cms.
-
Change the name of the login page, I mean in addition to having a strong password of course.
Those automated scripts look first for the known wp login page if they don't find it the will give up, if they do they will keep trying forever and ever, an unecessary load for your servers.
-
This is a very common thing. Most of these attacks are automated, coming from China or Eastern Europe. You may consider banning traffic from those countries all together if it's not relevant to you. Change the default admin user name to something else. And do as EGOL recommended - set a really strong password. And then change that password every few months.
-
Make a really strong password.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
Updating Publishing Date on Blog Posts
Hi, We have been optimising and re-sharing old blogs posts from our feed. If we were to change the date of publishing on the posts in order to bring them to the top of our feed, would this have any negative impacts on the posts' metadata? Thanks!
Content Development | | wearehappymedia0 -
Safest Way to remove a blog?
I have a Magento site that is around 4 years old. It has 2 different wordpress blogs on the same domain. domain/blog domain/nicheblog I would like to completely remove the 2 blogs as the information on them is of low quality and its outdated information. What is the safest way for me to remove this content with out having negative effects on my rankings? thanks
Content Development | | Shop-Sq0 -
Blog Content if Google has stated it doesn't like your blog?
Hi guys, In the new 'mobile usability' tab in Webmaster Tools, Google has stated that our blog isn't offering a good experience for users. Something we already knew and I want to change, but I can't get the budget approved to complete the work. I was just wondering if you think Google isn't going to hold my content very high as a result. I want to produce more content on our blog around our valuable keywords in hope to improve our rankings, but if Google isn't holding our site in high regard I'm thinking there may not be much point in it. Any thoughts would be appreciated. Thanks Brian
Content Development | | brianmadden0 -
Blogging for Clients
Hello, I need some tips I think. I create content for my clients blog through research and I try to understand fully their product or service so that I can write about it and promote it. But is this enough, do you think, to be able to write good quality content? I will obviously never be as knowledgeable as they are about their product or service. Does anyone have any tips or approaches for writing content in areas they are unfamiliar with? What do others do to create blog posts for clients? Thanks
Content Development | | AL123al0 -
Blog Content
I keep reading that a steady stream of new blogs from my site is a great way for getting inbound links to my site. My question is... Does the content of my blogs have to be relevant to my site? My site is www.marblerenovation.com. If the blog should stay relevant, I am finding it pretty hard to create engaging content around cleaning marble floors. Also, does anyone know of a good place to find bloggers to help create this content? Thanks in advance everyone Dave
Content Development | | david.smith.segarra0 -
Same content on site blog as a separate blog. Will unpublishing on one blog evade duplicate content issues?
I just discovered my client was posting the same content as the site I'm working on for him on a separate blog. I don't want to run into duplicate content issues. Both are Wordpress sites. Will it suffice to simply unpublish duplicate entries on the other blog and leave the posts as drafts?
Content Development | | locallyrank0 -
Blog and Website = 2 different URL's - Is it WORTH to merge content on to one site
Good day Mozzers! A friend of mine recently asked for my help in regards to online marketing. While getting familiar with his online presence, I realized that he has a blog hosted under a completely different URL Main Site = http://pardons.org/ (page rank 4)
Content Development | | vip4service
Blog = http://pardons.wordpress.com/ (page rank 3) What I am battling with is whether or not he should take all of the blog content he has, and merge it on to his main site. It has over 280+ blog posts spanning over a few years, so there is A LOT of content that could benefit his main site. However is it worth it, or should he continue to run everything as 2 different sites? Also, of you suggest moving the content over, what would be the best way to do it in your opinion? He currently has links on his blog TO his main site, so there is a little bit of link juice there, but with a average of 300 views a day, he only get about 10 clicks to his main site from the blog. Thanks a ton for your help!0 -
Anyone know of any other guest blogging sites like myblogguest?
Hi, I am a member over at myblogguest, but im wondering is this the only service online for guest blogging? Cheers
Content Development | | activitysuper0