WordPress.org

Ready to get started?Download WordPress

Forums

  1. chetan0412
    Member
    Posted 9 months ago #

    Hi,

    I m using this plugin since long time, i didnt find any problem with plugging, but now hackers hacking my site frequently,

    can i have solution ?

    how to ban user ? daily min 300-500 bad req receiving. like admin , administrator , master bla bla bla.

    chetan

    http://wordpress.org/extend/plugins/better-wp-security/

  2. Handoko
    Member
    Posted 9 months ago #

    I have some advices, hope it can help.

    Do you use free hosting service? I ever used free hosting service, they inject ads into my database. Now I won't use any cheap or free hosting services. A good and reliable web hosting usually is not cheap.

    The computer you're using can be the source of the problem too. I mean if you're sharing the computer with others especially in internet cafe, you're risking your password being stolen. Do you save your passwords on the computer? It is risky, anyone can easy get the passwords if you're using Firefox. Also you need to make sure the computer is virus free. I personally use Linux.

    This Better WP Security is great, it really blocks and reduces the hacking attempts on my sites. You may need to consider manually ban the IPs who are frequently visit and try to hack your site.

    For useless bots (spambots) I also use Bad Behavior plugin. From the logs, I can see it really blocks a lot of bad visits.

    For improve the security further, you may also install these plugin:
    - Login Security Solution
    - BulletProof Security

  3. chetan0412
    Member
    Posted 9 months ago #

    Hi,

    thanks for reply

    1. Do you use free hosting service? - No

    2. I am using only my personal laptop only. and my laptop is virus free, even i didn't find any virus problem or software problem.

    3. can we use parallelly - Login Security Solution and BulletProof Security with BWPS ???

    Last time hackers deleted my admin account but i recovered by another account,

    Can we block particular user/Account to site like Admin , administrator?

  4. Handoko
    Member
    Posted 9 months ago #

    3. can we use parallelly - Login Security Solution and BulletProof Security with BWPS ???

    Yes you can, but some configurations are needed, here the author of Bullet Proft Security answered the question:
    http://wordpress.org/support/topic/plugin-interactions-bulletproof-security-better-wordpress-security

    Can we block particular user/Account to site like Admin , administrator?

    So far as I know, no. There is no such feature. Some users tried to create an account "Admin" and set the permissions to the lowest. But I personally think that is not a good idea.

  5. chetan0412
    Member
    Posted 8 months ago #

    Now i am really tiered from hackers...

    every day i am getting min 1000 of login trial.

    can i have step by step procedure to hide wp-login.php

    so we can login but hackers cant find,

  6. chetan0412
    Member
    Posted 8 months ago #

    after enabling ban user agent ips are showing like this

    110\.139\.148\.240
    110\.74\.213\.227
    111\\\\\.223\\\\\.97\\\\\.130
    112\.208\.11\.74
    118\\\\\.68\\\\\.221\\\\\.80
    119\\\\\.235\\\\\.84\\\\\.235
    120\\\\\.51\\\\\.32\\\\\.94
    124\.6\.181\.46
    125\.60\.246\.134
    130\.255\.238\.70
    153\\\\\.176\\\\\.149\\\\\.233
    175\.104\.246\.239
    175\.136\.215\.28
    176\\\\\.8\\\\\.3\\\\\.84
    178\.129\.251\.22
    178\.140\.52\.157
    182\\\\\.237\\\\\.185\\\\\.192
    182\\\\\.52\\\\\.48\\\\\.108
    188\.254\.159\.178
    190\.254\.91\.42
    193\.251\.21\.49
    193\\\\\.255\\\\\.104\\\\\.245
    196\.46\.245\.48
    196\.46\.245\.51
    212\.30\.16\.202
    217\.76\.68\.50
    24\\\\\.234\\\\\.93\\\\\.122
    27\.131\.188\.30
    2\.134\.44\.113
    2\.185\.126\.208
    2\.185\.83\.238
    37\.229\.98\.29
    39\.217\.58\.135
    41\.100\.171\.154
    46\\\\\.167\\\\\.207\\\\\.227
    69\\\\\.245\\\\\.105\\\\\.155
    69\\\\\.249\\\\\.218\\\\\.147
    82\.178\.100\.154
    84\\\\\.108\\\\\.179\\\\\.54
    85\\\\\.154\\\\\.175\\\\\.210
    89\\\\\.122\\\\\.5\\\\\.44
    92\.50\.9\.71
    93\.125\.74\.242
    95\\\\\.86\\\\\.122\\\\\.129

    is this correct????

    its should be xxx.xxx.xxx.xxx

    right?

  7. chetan0412
    Member
    Posted 8 months ago #

    hi ,

    just found option "Hide Backend"

    but i dont know how to use..

    can any one guide me????

    i tried eg.

    loging slug- XXX

    Register slug - YYY

    admin slug - zzz

    added secret key like wp-login.php?[xxxxxxxxxxx]&

    is there any wrong configuration ??? its working for me.

  8. Handoko
    Member
    Posted 8 months ago #

    Hi chetan, you may try Stealth Login Page plugin. It seems promising, I've tried it on one of my site.

    You may need to disable the 'hide login' feature on Better WP Security before you use Stealth Login.

    Good luck. And please report back the result, many users here will interested to know.

  9. chetan0412
    Member
    Posted 8 months ago #

    thanks Handoko,

    sure i ll try Stealth Login Page,

    thanks again.

  10. chetan0412
    Member
    Posted 8 months ago #

    Hi,

    its working,

    but i have one doubt, i have link by that i can access my login page, but what about other user?

    when i click on login link as guest, i redirect me on main page( i have configured on plugin, URL to redirect unauthorized attempts to - xxx)

  11. Handoko
    Member
    Posted 8 months ago #

    Hi, chetan0412. Sorry for the late reply, I didn't get any notification of your post.

    Did your talking about login link of Stealth Login plugin? I also a new user of the plugin, nothing much I can share. I think you should start a new thread on their plugin page, here is for Better WP Security.

  12. chetan0412
    Member
    Posted 8 months ago #

    today i hav installed 4.0 version,

    as per instruction

    i am not getting below mentioned instruction.

    Add the following variables to wp-config.php if you are on a MU site and want to globally activate it with the same settings on all sites (change what is in quotes to your liking):

    $slp_redirect "URL"; $slp_authorization "string";

    please help me to understand this.

    do i need to change anything in above mentioned line ?

  13. chetan0412
    Member
    Posted 8 months ago #

    i have installed and working perfectly.

    but it does not solve my problem..

    i am getting bad login entries as before.

    any solution???

  14. Handoko
    Member
    Posted 8 months ago #

    Hi cheatan0412.

    Did you activate multisite feature on your website? Do you know what is a multisite or MU? If your answer is no, you can simply skip the mentioned instruction.

    i have installed and working perfectly.
    You said it's working perfectly. I have visited your ifuturetech login page, I saw the website is not protected with Stealth Login Page. Did you installed it on other site?

    i am getting bad login entries as before
    Something you may need to know. Stealth Login was able to 'hide' your login page. But because of some reasons, the author disable the hiding feature and use an extra field on the login page. He said he will bring the hiding feature back in the next version. If you want the real hiding feature you should use the version 3.0.0.

    You now can still use this plugin and wait the next version which has the hiding feature. Or uninstall the version 4.0 and install the version 3.

    But I think it is safe even the plugin doesn't hide the login page, it is now more secure because it has authorization field needed to fill.

  15. chetan0412
    Member
    Posted 8 months ago #

    1. Do you know what is a multisite or MU? - now i am cleared about it.

    2. Did you installed it on other site?- no i have installed on same site as you mentioned, but now i have deactivated , coz, my user asking me to secret code, also many new user dont have secret code, and they are not able to login, or buy product that's why i have deactivated.

    see my post-

    http://wordpress.org/support/topic/how-to-install-11?replies=5

  16. Handoko
    Member
    Posted 8 months ago #

    I guess understand what you need.

    I recommend you to try zM Ajax Login & Register.

    Some weeks ago, If I'm not wrong, I've tried zM Ajax Login + Stealth Login Page 3.0.0. It worked, you may try.

    Here are what you need to do:
    1. Download Stealth Login ver 3.0.0. Click here to download.
    2. Make sure you have uninstalled Stealth Login version 4 and installed the version 3 you just downloaded.
    3. Install the zM Ajax Login.
    4. Goto menu > Settings > Stealth Login Page > enable the Enable Stealth Mode. Put your secret words in the "question" and "answers". For example: "monkey" in question, "banana" in answer. For the "URL to redirect", you can put anything you like, but I suggest you to put your home page url.
    5. Now users can login using zM Ajax Login. But to configure it, it is not easy, you need to read the documentation.

Reply

You must log in to post.

About this Plugin

About this Topic

Tags

No tags yet.