1,023 blocked malicious login attempts. Who trying to steal my blog? Any advises?
-
My new blog growing up fast and I'm about the break the Alexa million and I discovered 1,023 blocked malicious login attempts today. I'm really got scared when I saw this number. I'm using WordPress, any advises?
-
There will definitely be cases out there like you described, Massimiliano. It's a wild world out there. We can only do so much to protect ourselves.
-
Honestly, I would strongly suggest to avoid blocking traffic on a geographic basis, these days you never know where traffic will come from and why.
User sitting in the building next to yours but accessing internet from a corporate network may appear as connecting from China.
Legit bot from services you are paying for may appear as crawling from Sweden, and other legit bot you don't even know about but which let you reach additional audience may appear as connecting from the other side of the world.
Blocking traffic is positively dangerous, the only case where I would consider it a good decision is when blocking blacklisted ips, and even this case I would suggest to secure the blacklist is updated regularly to avoid blocking false positive.
-
Eslam - Many great suggestions here of the things you can do right now to help you with these hack attempts. One thing I'd like to add is that we use a service/plugin called Sucuri. We've had good luck with it so far. You can learn more about them here: http://sucuri.net/
Regarding the approach of blocking traffic from other countries, my thought is this. Does traffic from those countries bring any value to you and do you give value to those visitors? If you answer no to this question, then why not block it? For example, a local pizza shop's website in Portland, Oregon probably doesn't care bout web traffic from Lithuania and vice versa.
-
Bulletproof Security is great and has many features to blocking such attempts and making it harder for those scripts that are just constantly scanning for the usual vulnerabilities.
-
theres a wordpress plugin you can use that limits the number of login attempts (I used to use it but I forgot the name of it)
-
Instructions here: https://wordpress.org/support/topic/how-to-change-from-wp-loginphp-to-login
-
It's won't type my password there really. I don't know ...
-
I don't think it's easy to change it because there PHP complicated things that I don't know about. But, I will search for a trusted plugin or something like that. Seems like a good solution.
-
I don't know, it's a very abuse thing to ban traffic from a country. If you are saying these attacks are automated so they are not humans?
-
I've. But, do you think it's enough. I'm talking about that I'm talking with you right now and there's someone right there trying to steal my thing. Hard feeling really.
-
I agree with Massimillano here.
Three things you should do for all common CMS systems (WP, Joomla, ect..)
First change the admin directory to something else. When doing this you likely have to edit configuration files to point to the new location which is pretty simple.
Second protect admin directory with .htaccess & .htpasswd. There is a nice generator I have used on some of my sites in the past here.
Third create a honeypot / auto IP ban for malicious crawlers or script kiddies. There are several plugins for this if you search the keywords honeypot + cms.
-
Change the name of the login page, I mean in addition to having a strong password of course.
Those automated scripts look first for the known wp login page if they don't find it the will give up, if they do they will keep trying forever and ever, an unecessary load for your servers.
-
This is a very common thing. Most of these attacks are automated, coming from China or Eastern Europe. You may consider banning traffic from those countries all together if it's not relevant to you. Change the default admin user name to something else. And do as EGOL recommended - set a really strong password. And then change that password every few months.
-
Make a really strong password.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
References for Healthcare Blog Content?
Hey everyone, We have a couple B2C medical/healthcare clients we produce content for and I was wondering what the industry stance is when it comes to giving references at the end of a blog, assuming there were no statistics or direct quotes used in the content. A lot of our content is written via research on a specific condition/treatment and doesn't really dive deep into specific medical nuances. Things like risks, recovery timelines, questions to ask, etc. are written about mostly. Still, should we be providing general references at the end of blogs to sites like WebMD, Medscape, etc. Thanks for any input!
Content Development | | danielreyes0 -
Blogging for Clients
Hello, I need some tips I think. I create content for my clients blog through research and I try to understand fully their product or service so that I can write about it and promote it. But is this enough, do you think, to be able to write good quality content? I will obviously never be as knowledgeable as they are about their product or service. Does anyone have any tips or approaches for writing content in areas they are unfamiliar with? What do others do to create blog posts for clients? Thanks
Content Development | | AL123al0 -
I allow authority sites to republish my blog articles, which then outrank me
Hey everyone. This is my first question here, I apologize if it has been covered before. I have a health and nutrition blog [authority nutrition] that has been up since December 1st, 2012. I've managed to write quite a few viral articles which have given me a bunch of natural links and a domain authority of 49, which I think is pretty great for such a new site. Haven't done any link building and everything is 100% white hat. Getting good rankings and good traffic already, so I can't complain. My only (1st world) problem is that sometimes major authority sites (DA of 70-95) republish my content. I always say yes if they ask me first, but some of them just republish without even asking. My articles are always indexed on my blog before they get republished, but it doesn't seem to make a difference. These sites always clearly link to the original URL, but they often tend to outrank me for the keywords I was targeting in the articles. They tend to rank in the top 5, but my original article is nowhere to be found. I plan on continuing to allow these sites to republish as I get powerful links and good traffic from them, but it's a bit frustrating that I don't seem to get the credit as the original source. I've already set up Google Authorship, but it doesn't seem to help. Is there anything I can do to make sure Google recognizes my article as the original and chooses to rank my site instead of the authority site that simply republished my article?
Content Development | | kriistjanm1 -
One Page Website Blog Content Question
Hi guys, I'm new to the art of SEO and am learning every day from all the fantastic content here, I have a question that I can't find an answer to, hope it doesn't stump you like it has me... I have a one page website (www.neilwilliamsvoiceover.com) that I need to put more content on for SEO purposes but needs to be kept as one page. I've set-up a blog via blogger, and have that on the website but it's in iframe, which I've now discovered is ignored by search engines. So, my question is, is there a way to pull my blog feed into the website and have it recognised by search engines as content for the website? Would I use an RSS feed or feed burner or something else completely?! Thanks for your time and help in advance.
Content Development | | BamMK0 -
Blog on a separate domain
We want to set up a blog to discuss our industry. Is it better to set-up the blog on a domain that we buy and then link to it from our website or set-up a blog on a posterous account or something with a link?
Content Development | | AAttias0 -
Blogging
I have a blog that I post articles to, would it be ok to submit these posts to Ezinearticles as well or will that be considered duplicate content?
Content Development | | SEODinosaur0 -
Blog Commenting Best interface
Hi All, In your opinion what are the advantages and disadvantages of Livefyre Facebook comments system Disques Thanks, John
Content Development | | johnshearer0 -
Why does my lousy little blog Rank number 1 on Google?
Search "Google Places Changes." My Blog, www.salesjumpstart.net/blog is ranked first. Has been for a week. Why? Makes no sense. I have been getting many first page Google results for 3 and 4 word keyword searches. The site or Blog just isn't that strong. http://www.google.com/search?q=Google+places+hchanges&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a#sclient=psy&hl=en&client=firefox-a&hs=uFR&rls=org.mozilla:en-US%3Aofficial&source=hp&q=Google+places+changes&pbx=1&oq=Google+places+changes&aq=f&aqi=g2g-j1g-b1&aql=&gs_sm=e&gs_upl=4293l4293l0l4628l1l1l0l0l0l0l271l271l2-1l1l0&bav=on.2,or.r_gc.r_pw.&fp=661c0b1152c259b4&biw=1024&bih=583
Content Development | | MBayes0