Hacking WordPress Site Attempt – How to Protect Your WordPress Sites!
Wordfence is a Free WordPress Security Plugin, Use it! – Leon
Just recently, there has been mass amounts of wordpress site owners reporting that their sites were under attack by hackers all over the world.
Some of my wordpress sites were being attacked as well. This is an alert I got from my Wordfence security plugin sent directly to my email every time one of my sites gets attacked or when it’s in danger of some sort.
The Wordfence alert email reads something like this when a hacker tries to do a brute force admin login attempt:
This alert was generated by Wordfence on “MYSITE” at Friday 25th of January 2014 at 12:23:18 PM
A user with IP address 22.214.171.124 has been locked out from the signing in or using the password recovery form for the following reason: Used an invalid username ‘admin’ to try to sign in.
User IP: 126.96.36.199
User hostname: Somewhere in China
If I wasn’t using any kind of security for my wordpress sites, I would’ve never even realized of this hacking attempt.
Now that I know the IP address of this hacker, I would go to my Wordfence setting and setup a block ip address.
I would also recommend to do the following for your wordfence settings:
- Make sure to add an email to receive threat alerts
- Lock out after how many login failures: Use a low number like 5
- Lock out after how many forgot password attempts: Use a low number like 5
- Amount of time a user is locked out: About 1 hour.
Wordfence does a LOT of things to protect your sites, such as scanning for malware, real-time blocking of attacks, and much much more!
“Wordfence Security is a free enterprise class security plugin that includes a firewall, anti-virus scanning, cellphone sign-in (two factor authentication), malicious URL scanning and live traffic including crawlers. Wordfence is the only WordPress security plugin that can verify and repair your core, theme and plugin files, even if you don’t have backups.”
Using Wordfence won’t make your site invincible to being hacked. After all, even big multi-billion dollar corporations get hacked like Target and Sony.
But using Wordfence will GREATLY improve your wordpress site’s security.
How to install and use Wordfence on your WordPress sites?
Wordfence is a free plugin that you can just install, activate, add your email (to receive alerts) and that’s all!
Read About My Top 5 Free Must-Have WordPress Plugins.
Has Wordfence protected your site from an attack in the past? Leave a comment.
Thanks for sharing this detail about WordFence. There is no doubt that every site is not invincible but its more important to know that we can take steps to improve the security of our site.
Never tried Wordfence in the past but I should do now. Thanks for sharing this Leon. Its VERY HELPFUL!
I have shared this comment in kingged.com, where I found this content shared, syndicated, and bookmarked for Internet marketers.
Sunday – kingged.com contributor
I’m concerned about the security of my WordPress blogs. With the news of ‘biggies’ and famous sites getting hacked by hackers, I just can’t afford to miss the ‘security’ aspect of my blog.
And I’ve been taking steps like- setting up a difficult password, keeping an eye on plugins, themes I use etc.
But I haven’t given this plugin a try. Ya, this plugin does a good job by notifying about any brute force attempts done. A very handy plugin indeed. Will try it out now.
Thanks for sharing your experience with us Leon. And I’m Kingging it on Kingged.com so that other too benefit like I did!
WordFence truly helped you. I am deeming that this must be used, and I am going to test it out if it’s good for me since I am convinced with your post. It is significant, thanks for the tip and for introducing this security system with us!
Hackers are everywhere in the world. Tsk!
I found this post shared on Kingged.com, the Internet marketing social bookmarking and networking site, and I “kingged” it and left this comment.
I have wordfence and I’m delighted with it. I get reports on who is going after my site and I can act immediately to block them. I’ve used the recommended blocks the author talks about, and I went ahead and paid for premium because it gave me Country blocking. That has worked wonders. My report for this last week showed 336 attempts just out of China alone. There are several great options and I’m trying them one at a time to make sure there are no conflicts.
One thing this has shown me, which concerns me, is that somehow a hacker has gotten hold of my subscriber list. He has tried to log on with each of the names there. That worries me and I’m not sure what I can do to prevent any hacker from seeing that. I’ve changed my log on, but if this guy can see my subscribers, then it won’t do me any good. Anyone have a clue about that and what I can do to prevent it other than the steps I’ve already taken?
Thanks Wordfence – I’m a fan!
I’m guessing your subscriber list is in your wordpress database?
You should ask wordfence or the wordpress support forums about this matter.
If your list is hosted from an email service like getresponse, then it would be much harder for hackers to attack.