1,023 blocked malicious login attempts. Who is trying to steal my blog? Any advice?
-
My new blog is growing fast and I'm about to break the Alexa million, and I discovered 1,023 blocked malicious login attempts today. I got really scared when I saw this number. I'm using WordPress; any advice?
-
There will definitely be cases out there like you described, Massimiliano. It's a wild world out there. We can only do so much to protect ourselves.
-
Honestly, I would strongly suggest avoiding blocking traffic on a geographic basis; these days you never know where traffic will come from and why.
A user sitting in the building next to yours but accessing the internet from a corporate network may appear as connecting from China.
Legit bots from services you are paying for may appear as crawling from Sweden, and other legit bots you don't even know about, but which let you reach an additional audience, may appear as connecting from the other side of the world.
Blocking traffic is positively dangerous. The only case where I would consider it a good decision is when blocking blacklisted IPs, and even in this case I would suggest making sure the blacklist is updated regularly to avoid blocking false positives.
-
Eslam - Many great suggestions here of the things you can do right now to help you with these hack attempts. One thing I'd like to add is that we use a service/plugin called Sucuri. We've had good luck with it so far. You can learn more about them here: http://sucuri.net/
Regarding the approach of blocking traffic from other countries, my thought is this. Does traffic from those countries bring any value to you and do you give value to those visitors? If you answer no to this question, then why not block it? For example, a local pizza shop's website in Portland, Oregon probably doesn't care about web traffic from Lithuania and vice versa.
-
Bulletproof Security is great and has many features for blocking such attempts and making it harder for those scripts that are just constantly scanning for the usual vulnerabilities.
-
There's a WordPress plugin you can use that limits the number of login attempts (I used to use it but I forgot the name of it).
-
Instructions here: https://wordpress.org/support/topic/how-to-change-from-wp-loginphp-to-login
-
It's won't type my password there really. I don't know ...
-
I don't think it's easy to change it because there are complicated PHP things that I don't know about. But I will search for a trusted plugin or something like that. Seems like a good solution.
-
I don't know, it's a very abusive thing to ban traffic from a country. If you are saying these attacks are automated so they are not humans?
-
I have. But do you think it's enough? I'm talking about that I'm talking with you right now and there's someone right there trying to steal my thing. Hard feeling really.
-
I agree with Massimiliano here.
Three things you should do for all common CMS systems (WP, Joomla, etc.):
First, change the admin directory to something else. When doing this you likely have to edit configuration files to point to the new location, which is pretty simple.
Second, protect the admin directory with .htaccess & .htpasswd. There is a nice generator I have used on some of my sites in the past here.
Third, create a honeypot / auto IP ban for malicious crawlers or script kiddies. There are several plugins for this if you search the keywords honeypot + cms.
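An added example, not part of the original thread and not any plugin's code: the idea behind the login-attempt limiter and the auto IP ban mentioned in the replies, applied to a web server access log. It assumes the Apache/Nginx "combined" log format and that a failed WordPress login is a POST to wp-login.php answered with 200 while a successful one gets a 302; the function names, thresholds and sample addresses are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/Nginx "combined" access-log line: client IP, time, method, path, status.
LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                  r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def failed_logins(lines):
    """Yield (ip, time) per failed login. Assumption: WordPress answers a failed
    wp-login.php POST with 200 (form again) and a successful one with 302."""
    for line in lines:
        m = LINE.match(line)
        if (m and m["method"] == "POST" and m["status"] == "200"
                and m["path"].split("?")[0] == "/wp-login.php"):
            yield m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")

def ips_to_ban(lines, max_failures=5, window=timedelta(minutes=10), allowlist=()):
    """Map each IP that reaches max_failures inside the sliding window to the
    time it crossed the limit. Allowlisted IPs are never banned."""
    recent, banned = defaultdict(deque), {}
    for ip, ts in failed_logins(lines):
        if ip in allowlist or ip in banned:
            continue
        attempts = recent[ip]
        attempts.append(ts)
        while ts - attempts[0] > window:   # drop failures older than the window
            attempts.popleft()
        if len(attempts) >= max_failures:
            banned[ip] = ts
    return banned

def sample_lines(ip, count, step_seconds, status=200):
    """Constructed log lines: `count` login POSTs from `ip`, step_seconds apart."""
    start = datetime(2024, 3, 12, 10)
    times = (start + timedelta(seconds=i * step_seconds) for i in range(count))
    return [f'{ip} - - [{t:%d/%b/%Y:%H:%M:%S} +0000] '
            f'"POST /wp-login.php HTTP/1.1" {status} 3120 "-" "sample"' for t in times]

# Constructed sample (documentation IP ranges), not real traffic.
SAMPLE_LOG = (
    sample_lines("203.0.113.7", 8, 20)                  # burst: 8 failures in under 3 minutes
    + sample_lines("198.51.100.20", 2, 30)              # two typos...
    + sample_lines("198.51.100.20", 1, 0, status=302)   # ...and a successful login
    + sample_lines("192.0.2.10", 5, 300)                # 5 failures spread over 20 minutes
    + sample_lines("192.0.2.99", 6, 10))                # site owner's own IP, allowlisted below

if __name__ == "__main__":
    print(ips_to_ban(SAMPLE_LOG, allowlist={"192.0.2.99"}))
```

The allowlist keeps the site owner's own address from being locked out by repeated typos, and the sliding window means occasional failures spread over a long period do not add up to a ban.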
-
Change the name of the login page, I mean in addition to having a strong password of course.
Those automated scripts look first for the known wp login page. If they don't find it they will give up; if they do they will keep trying forever and ever, an unnecessary load for your servers.
-
This is a very common thing. Most of these attacks are automated, coming from China or Eastern Europe. You may consider banning traffic from those countries altogether if it's not relevant to you. Change the default admin username to something else. And do as EGOL recommended - set a really strong password. And then change that password every few months.
-
Make a really strong password.