1,023 blocked malicious login attempts. Who trying to steal my blog? Any advises?
-
My new blog growing up fast and I'm about the break the Alexa million and I discovered 1,023 blocked malicious login attempts today. I'm really got scared when I saw this number. I'm using WordPress, any advises?
-
There will definitely be cases out there like you described, Massimiliano. It's a wild world out there. We can only do so much to protect ourselves.
-
Honestly, I would strongly suggest to avoid blocking traffic on a geographic basis, these days you never know where traffic will come from and why.
User sitting in the building next to yours but accessing internet from a corporate network may appear as connecting from China.
Legit bot from services you are paying for may appear as crawling from Sweden, and other legit bot you don't even know about but which let you reach additional audience may appear as connecting from the other side of the world.
Blocking traffic is positively dangerous, the only case where I would consider it a good decision is when blocking blacklisted ips, and even this case I would suggest to secure the blacklist is updated regularly to avoid blocking false positive.
-
Eslam - Many great suggestions here of the things you can do right now to help you with these hack attempts. One thing I'd like to add is that we use a service/plugin called Sucuri. We've had good luck with it so far. You can learn more about them here: http://sucuri.net/
Regarding the approach of blocking traffic from other countries, my thought is this. Does traffic from those countries bring any value to you and do you give value to those visitors? If you answer no to this question, then why not block it? For example, a local pizza shop's website in Portland, Oregon probably doesn't care bout web traffic from Lithuania and vice versa.
-
Bulletproof Security is great and has many features to blocking such attempts and making it harder for those scripts that are just constantly scanning for the usual vulnerabilities.
-
theres a wordpress plugin you can use that limits the number of login attempts (I used to use it but I forgot the name of it)
-
Instructions here: https://wordpress.org/support/topic/how-to-change-from-wp-loginphp-to-login
-
It's won't type my password there really. I don't know ...
-
I don't think it's easy to change it because there PHP complicated things that I don't know about. But, I will search for a trusted plugin or something like that. Seems like a good solution.
-
I don't know, it's a very abuse thing to ban traffic from a country. If you are saying these attacks are automated so they are not humans?
-
I've. But, do you think it's enough. I'm talking about that I'm talking with you right now and there's someone right there trying to steal my thing. Hard feeling really.
-
I agree with Massimillano here.
Three things you should do for all common CMS systems (WP, Joomla, ect..)
First change the admin directory to something else. When doing this you likely have to edit configuration files to point to the new location which is pretty simple.
Second protect admin directory with .htaccess & .htpasswd. There is a nice generator I have used on some of my sites in the past here.
Third create a honeypot / auto IP ban for malicious crawlers or script kiddies. There are several plugins for this if you search the keywords honeypot + cms.
-
Change the name of the login page, I mean in addition to having a strong password of course.
Those automated scripts look first for the known wp login page if they don't find it the will give up, if they do they will keep trying forever and ever, an unecessary load for your servers.
-
This is a very common thing. Most of these attacks are automated, coming from China or Eastern Europe. You may consider banning traffic from those countries all together if it's not relevant to you. Change the default admin user name to something else. And do as EGOL recommended - set a really strong password. And then change that password every few months.
-
Make a really strong password.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
How many backlinks should I incluede in guest blog?
Hello MOZ I really need some help here and would love your advice! I have access to a fantastic PBN through my sister's work colleague who is an experienced marketing director. The PBN is relative to my industry and are all DA 50+ My sister is a copywriter and is putting content together around 500-600 words long. My questions are: How many backlinks should she include in each guest blog post? Are 2 too many? Should the anchor text keywords be exact to the products I am selling? Tips/Advice going forward with the project? Thank you!
Content Development | | Luca_D0 -
Simple Blog Content Question
Which is better? To write my own blog post or, (with permission) use other high DA content on my blog. I'll probably do both, but I'm very curious as to what the search engines prefer or which is better for seo. Thanks in advance!
Content Development | | MissThumann0 -
Staggered Blog Posting
Hi, My client has recently launched a new site - while the site was under development (A period of around 6 months) they build up a large amount of posts for their new blog. I have advised them against uploading all the posts in one go (ie from 0 to 100 in one day), as I'm sure this would be viewed with suspension by the search engines. My question is (and I'm not looking for a magic number here), what would be the best way to publish these blog posts, and what possible penalties could be triggered if we do it incorrectly. I do believe the content is unique and unpublished elsewhere. My suggestion to my client was to create a content calendar and set dates on which the various posts should be published. Further I suggested it is stagged or random, i.e. not every 2nd day - but vary it - so for example, 2 a day then a break for a day or two then one post, then the next day another 2 etc. Any thoughts from the Moz Community? Thanks, Jason
Content Development | | Clickmetrics0 -
Any help on best practices to move blog domain?
Hi, I am going to move my blog hosted on wordpress.com to a folder under mysite.com. (e.g. mysite.com/blog/). I start to think after the blog has gone live there will be duplicated content issue because I am going to import my posts in last 2 years onto the new location. I what way can I avoid that happen? Can I set something up (e.g. 301 redirect) in my current wordpress.com account? Any advice. Please help! Thanks
Content Development | | LauraHT0 -
My New blog has NO content since 2 months, the day it was launch, What to DO? Is it "DEAD"???
2 months ago, I publish a NEW blog, http://www.mervrating.org The blog has only 3 posts. I don't have much time to work on it. Does it HURT my SEO? Can I start working on it on regular basis and try to built authority or does it looks "dead" to search engine? I would like to bring it alive and give it a second chance, will it be hard if it has no content since the beginning? What is your opinions? Thank you, BigBlaze
Content Development | | BigBlaze2050 -
Best Blog Engine
We currently are using blogengine.net 1.6 and it's proving to be an SEO nightmare, with link loops causing infinite "duplicate content". I am trying to find the best blog solution as far as ease of use, clean content and good SEO. What do you use? What do you suggest? Thanks!
Content Development | | QuickLearnTraining0 -
Duplicate Text on Blog & Internal News Page
I have two places I post news for our company. Our blog - typically more informal posts
Content Development | | seo-hunter
mycompany.wordpress.com & Our news page - typically more newsworthy than the blog
mycompany.com/news My question is, It is okay to just copy the exact text from my wordpress blog and paste to my news area of my site and vice versa? Does this hurt ranking potential for either page?0 -
Using own domain for Google blog
Is it worth the effort using your own domain for a Google blog? After adding my own domain to a blog I see a boost in ranking, maybe the url has more value without the blogspot extension, or that Google might treat the (max.10) pages you produce under your own domain as "independent" thus giving you the chance of building your own domain trust...?
Content Development | | vibelingo0