I have small hosting biz that I have built up over many years on a dedicated managed server. I am not a programmer. I can't even write HTML code. But I do know how to read and get along OK fixing things with copy / paste. But I am now pretty much at my wits end. I host about 40 WP sites and over the past few weeks, it's a rare one that has not been hacked at least once; some as many as four times.
I have tried cleaning them out but although the attacks and defacing are now down to "only' two or three a day, they do continue with impunity.
I have gone into the hacked sites and made sure everything is updated. I have removed all unused themes and plugins. I have hardened the passwords. I have deleted all users execpt admin.
A few days later, the same site gets it again. In one that happened today, I fund the logs contain a strange sequence of the following access attempts to every file in the site:
184.108.40.206 - - [30/May/2012:13:29:31 -0400] "GET / HTTP/1.1" 200 147953 "-" "Java/1.6.0_04"
220.127.116.11 - - [30/May/2012:13:29:33 -0400] "GET /wp-login.php HTTP/1.1" 200 2564 "-" "Java/1.6.0_04"
18.104.22.168 - - [30/May/2012:13:29:33 -0400] "GET /xmlrpc.php HTTP/1.1" 200 42 "-" "Java/1.6.0_04"
That's just the first four lines. It goes on for more than 100. Based on that time stamp, it seems to be the successful attack.
So, my questions are, what can I do to stop these attacks? what can I change so they are not effective?
Any advice or help would be greatly appreciated. I am not a charity case but I am 79 years old and this is the only thing I have that gives me a better life than Social Security.