Posted 11 months ago #
Last night, I couldnt get into the backend of my blog, kept on getting a password incorrect error, even though it definately was the right password.
I was just wondering, is there a plugin that shows not just the visitors, but their IP address plus allows you to ban them, via the backend. If it hadnt been for the fact that they also joined my forum, I would not have been able to get the ip address.
Thank you.
John.
Posted 11 months ago #
Isnt there a plugin that records and keeps IP addresses, does anybody have one? Its really important for me that I find one, that works with wp. Thank you.
the ips of ALL of your visitors are viewable within your server logs. There all kinds of "stats" plugins ..
as well as ..
http://www.google.com/search?hl=en&q=wordpress+ban+ip+visitor+plugin&btnG=Search
I read your original post last night, and couldnt help but think that that you havent thought through whatever youre trying to accomplish though. Retroactively banning IPS isnt going to solve whatever security issues you think you have.. (I chose my words there on purpose, since youve not demonstrated that you were hacked-- password issues dont suggest anything other than the normal, repeatable password issues).
And even so, anyone thats behaving maliciously is going to be using a proxy IP, so banning the IP is a stop-gap measure, NOT a solution.
Last night, I couldnt get into the backend of my blog, kept on getting a password incorrect error, even though it definately was the right password.
If it hadnt been for the fact that they also joined my forum, I would not have been able to get the ip address.
again, learn to read your server logs.
Posted 10 months ago #
Well, lets put it this way, when I eventually got back in, my e-mail address and password had been changed, which stopped me getting onto my blog. It didnt just happen on one of my profiles, but both of them. I have my admin and also an editor profile, so that I know exactly what my members can and cant do. So I do think that something had happened for both to have been changed.
Posted 10 months ago #
Glad you were able to get back in, kind of sounds like you might have been brute forced, if you have phpmyadmin setup here's a quick way to change your password back if it happens again: http://educhalk.org/blog/?p=23 (might save you some time). My advice going forward would be to make hard passwords.
Posted 10 months ago #
Oh wow cotton.rohrscheib@pleth.com, thank you very much, that is really useful. I have got quite a strong password now, so hopefully I wont get hacked again. I've also Bookmarked that in case it happens again. I do have phpmyadmin access.
You must log in to post.
