September 14, 2014 at 5:45 am #124314
I have built a website for a customer (http://nblc.com.au) and it went live on Friday. We used the Outreach Pro theme and have WordFence (free version) installed. In the last hour, we have have over 600 login attempts from different IP addresses trying to use '' as the username. Thankfully, WF has locked out each and every attempt so far.
I have removed the login button down the bottom for now and increased the security level on WF to Level 4.
I have built a load of sites in the past 12 months and I am now accustomed to some attempts on the sites (maybe 1 or 2 per day?) but never 600 in an hour!
The only thing I have done differently here is added a Password Protected page for my client (Members Only). Everything else is just standard.
What the hell is going on???http://nblc.com.au/September 14, 2014 at 6:44 am #124326Brad DaltonParticipant
Because you have enabled registration, you will get bots searching for registration in URL's of WordPress sites so you'll need to add extra security for registration spam in WordPress.
I think a good place to post this question would be on the WordPress forums or the WordFence forums.
September 14, 2014 at 11:41 am #124374WebmasterMember
There are several reasons that you can find yourself in such a battle. Did you recently purchase that domain name? Is that a new hosting provider for you? Whatever it is, you have two options: run or fight. You could ask your hosting company for a new IP number, but If you don't think it is your domain name or your IP address then running won't help for long.
The first thing I would do is setup a firewall, such as iptables, and start blocking out entire blocks.
For instance, if you have a hacker/bot that's hitting your site, you will get an IP address in Wordfence. If you check that IP address and find it is from Amsterdam -- and you don't do business in Amsterdam -- then you could deny access to the entire Class A block of IP numbers.
So if the log shows you're getting pounded from IP address 18.104.22.168 and you see that entire block is from Amsterdam then just block or request a new IP number. Then you can add a DENY entry in your firewall for 22.214.171.124/8 and thus eliminating 16,277,214 IP addresses from causing you a headache.
You can also block subnets in case the Class A address contains IP addresses from both, countries you do business with and countries you don't do business with. Eventually, the trouble will subside.
“If it works, mark the post as [Resolved] so others will feel comfortable trying the solution on their website.“September 14, 2014 at 8:25 pm #124440AnitaKeymaster
I was having this same issue for a couple of weeks. I added several plugins, but the one that worked that shut them down - was adding a Captcha to the login screen at the /wp-login.php and /wp-admin. Once I added the Captcha - they stopped.
Love coffee, chocolate and my Bella!September 14, 2014 at 11:26 pm #124444
Anita, is that something I can add to the code of the site? I am a bit of a novice to be honest...September 15, 2014 at 6:05 am #124482AnitaKeymaster
They are plugins. You need to have this one called WP-reCAPTCHA
https://wordpress.org/plugins/wp-recaptcha/installed first and then you install this one to add it to the log in page WP Login reCAPTCHA
Love coffee, chocolate and my Bella!September 15, 2014 at 3:25 pm #124560
Thanks Anita. They look pretty good 🙂
- The topic ‘Major Security Issue in progess on my site’ is closed to new replies.