tekiegreg Posted May 3, 2013
Getting sick of hackers getting at your WordPress blog? Want the HawkHost support staff to enjoy speaking with you instead of a *sigh* and an "oh you again, who hacked you now?" Get this! http://bit51.com/better-wp-security-3-4-9/
Installed this plugin, and it walked me through tons of basic stuff in securing my site. Give the plugin owners a few dollars too. </shamelessplug>
gavind Posted May 9, 2013
Has anyone tried to give this a run yet? The site also does not say if this plugin is free or paid.
tekiegreg Posted May 10, 2013
I'm running it, so far no complaints (other than having to remember my new admin URL and username). It's donation-ware, in that he asks for no money to run it, but if you like, a few bucks are appreciated.
Guy Scharf Posted May 10, 2013
I've used Better WP Security plugin for more than a year. It does its job, and does it well. It's important to use a security plugin. If you look closely at traffic, attempts to break in are common. More common on some sites than others, for reasons unknown to me.
We have regular attempts to crack our "admin" password using a wordlist. Because of a compatibility issue between two plugins, I handle those with the "Limit Logon Attempts" plugin, but Better WP Security will do the same thing.
For example, we've had a distributed attack on our admin password today. There have been more than 1,000 guesses so far, originating from a botnet with computers in places like Turkey, Philippines, Japan, Indonesia, etc. (Geographic comments based on my spot checking some IP addresses. I didn't look them all up.) Since I have the logon limiting plugin set to block the IP after only a few failures, the plugin is blocking their botnet IP by IP. We had a similar attack yesterday, beginning around 7 am and fading away in a few hours. It started earlier today and lasted longer, but faded out by afternoon. Although the attack today lasted longer, it was just as ineffectual.
Better WP Security does a good job of guiding you through ways to protect your WordPress site. I use it on each of the three WordPress sites I manage.
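The per-IP lockout described in the post above, replayed over a constructed access log (an added example, not code from any poster or from either plugin). It assumes combined-format log lines and that a POST to wp-login.php answered with 200 is a failed login; the function names, the threshold of 3 and every IP address are made up for illustration.

```python
import re

# Matches a POST to wp-login.php in a combined-format access log line.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "POST /wp-login\.php[^"]*" (\d{3}) ')

# Constructed source addresses (documentation ranges), standing in for a botnet.
BOTS = ["198.51.100.7", "203.0.113.21", "203.0.113.99", "192.0.2.44"]

def constructed_log():
    """Build a constructed sample log: 4 bot IPs x 5 guesses, plus the site owner."""
    fmt = '{ip} - - [01/Jan/2024:07:{m:02d}:00 +0000] "{req} HTTP/1.1" {st} 3811 "-" "-"'
    rows = [fmt.format(ip=ip, m=m, req="POST /wp-login.php", st=200)
            for m in range(5) for ip in BOTS]
    owner = "192.0.2.10"
    rows.append(fmt.format(ip=owner, m=6, req="GET /wp-login.php", st=200))
    rows.append(fmt.format(ip=owner, m=7, req="POST /wp-login.php", st=200))  # typo
    rows.append(fmt.format(ip=owner, m=8, req="POST /wp-login.php", st=302))  # success
    return "\n".join(rows)

def failed_logins(log_text):
    """Source IPs of failed logins, in log order.

    Assumption: WordPress answers a failed login POST with 200 (form shown
    again) and a successful one with a 302 redirect.
    """
    hits = (LINE.match(line) for line in log_text.splitlines())
    return [m.group(1) for m in hits if m and m.group(2) == "200"]

def simulate_lockout(ips, max_failures=3):
    """Replay failures against a per-IP lockout and report what got through."""
    failures, blocked, checked = {}, set(), 0
    for ip in ips:
        if ip in blocked:
            continue  # request rejected before the password is checked
        checked += 1
        failures[ip] = failures.get(ip, 0) + 1
        if failures[ip] >= max_failures:
            blocked.add(ip)
    return {"attempts": len(ips), "sources": len(set(ips)),
            "blocked": sorted(blocked), "guesses_checked": checked}

if __name__ == "__main__":
    print(simulate_lockout(failed_logins(constructed_log())))
```

On the constructed log, 13 of the 21 failed attempts reach the password check before the four bot addresses are blocked, while the owner's single typo stays under the threshold. The number of guesses that get through scales with the number of source addresses, which is why the lockout is paired with a strong password.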
tekiegreg Posted May 13, 2013
Interesting on my end, for the record my blog isn't very popular (maybe 1,000 hits/month). When you look through the bad logins, other than an occasional "Whoops" by me I only see the occasional other string of 5-6 bad logins by a single address and that's it. I take it that's some kiddie looking for an easy score trying default passwords.
Brian Posted May 13, 2013
tekiegreg, are you using Cloudflare by any chance? I know they do a lot of automatic filtering for known malicious IPs/hosts so that may explain it.
That said we are constantly seeing attempts at people trying to bruteforce wp-admin logins. We block what we can but it is still important to have strong (10 character minimum, alphanumeric with symbols, unique) passwords and make sure your software is up to date. I can't even begin to explain how much of my day is taken up by helping customers who were compromised either due to a bruteforced password or running outdated WP versions. Sadly we still have folks running the 2.9.X branch.
tekiegreg Posted May 13, 2013
Never did sign up for CloudFlare, note to self, research and maybe implement. Well now, not only is my password super tight, but you'd have to guess my new wp-admin URL and my new admin username as well. Makes it all that much harder...
david#1 Posted March 9, 2014
Just follow this 12 Steps Tutorial on securing WordPress. Trust me, your WordPress will become safe from most of the attacks.
noer98 Posted April 2, 2014
Just make sure to always install the latest WordPress version.
devstart Posted April 22, 2014
I prefer to use Wordfence Security as a guard for my WordPress site.
hannah_isi Posted July 11, 2014
Is a plugin really necessary for making my WordPress site secure? I couldn't tell you if anyone has tried to hack me yet but I know I get spam comments a lot on posts... which has led me to turning comments off... I'm also wary of adding too many plugins.
Brian Posted July 14, 2014
No plugin is necessary to secure your WordPress installation but a lot of them do add benefits. As a general reference/starter guide for securing your WP installation we suggest looking at http://codex.wordpress.org/Hardening_WordPress
debiwebi Posted December 1, 2016
I realize this is a really old topic, but I just wanted to say thanks for the info. I have a few WP sites that I will eventually be moving to my HH hosting. I'm very impressed with the company and support so far.
tekiegreg Posted December 13, 2016
Still very relevant advice, if anything I'm picking up more attacks on WordPress sites I work with nowadays.
tekiegreg Posted March 1, 2019
I'm going to bring this zombie thread back up to the top. With one of the more popular sites I have here at Hawkhost, I've not only noticed an increase in the amount of hack attempts on our site, but the sophistication level as well. Password brute force attempts seem more systematic, using data that they'd have to glean from elsewhere about our organization, suggesting that humans are behind this stuff now too, not just mere bots. For example, users' personal data has been found in password attempts, that would not have been anywhere on the site. When quizzed, targeted end users weren't involved/had no idea where bad guys would have got this data.
WordPress now has pro plugins that allow for 2 factor authentication. I'd say this is a good investment at this time.