WordPress.org

Ready to get started?Download WordPress

Forums

All In One WP Security & Firewall
[resolved] How to ban IP from a country (9 posts)

  1. Olivia
    Member
    Posted 11 months ago #

    Hello,

    Thank you for this AWESOME plug-in! Without it, my blog would be a complete chaos by now.

    I am getting 4-5 attacks a day ave. from Egypt, China, Taiwan, Indonesia, Turkey, Sweden, you name it. Blocking them one by one every day. I changed my password to 17 mixed characters and numbers, and feel a bit better. But, here is the problem.

    The attack from Indonesia got all the usernames of my registered users (not allowed to get into admin) and trying them all. I do not have control over their password, so Scary! I am not techy at all, so please help me.

    #1. How did they get the usernames of my registered people?
    #2. How can I block the IP addresses of a certain country, like entire Indonesia?
    #3. What is the best way to keep my blog safe against such attacks?

    I would appreciate your help! The "-" or other range indicator available yet?

    Thank you!

    http://wordpress.org/plugins/all-in-one-wp-security-and-firewall/

  2. Olivia
    Member
    Posted 11 months ago #

    I forgot to ask . . .

    #4. If I set up the Cookie Based Brutal Attack Prevention, will I be able to use another browser or commuter to log in?

    They have all the usernames !!! Now it came from Netherlands. How did they get them ???

    I know I asked a lot of questions, but thank you for your patience with a non-geek : )

  3. wpsolutions
    Member
    Plugin Author

    Posted 11 months ago #

    We don't currently have a "block by country" feature but we will introduce something in a future update.

    I recommend you use one of the following to protect your site's login page:

    1) Brute Force Prevention feature.
    Yes you can use this from any browser or computer. You just need to remember your secret word.
    Please see this for more info:
    http://www.tipsandtricks-hq.com/all-in-one-wp-security-plugin-cookie-based-brute-force-login-attack-prevention-feature-5994

    2) Whitelist feature
    This will only allow the IP addresses you have specified in the settings to access your admin page.
    (Just remember that if your IP changes you will need to enter the new address in the whitelist settings.
    If you get locked out it's no big deal because as long as you have FTP access it is easy to rectify this.)

  4. Olivia
    Member
    Posted 11 months ago #

    Thank you for the quick reply.

    Yes. I will set up the Brute Force Prevention. Thank you for the link. I will read it. But, not so sure about the whitelist because I use VPN all the time. I am really not comfortable using FTP yet. I have it, but not too savvy with it. Can I get around it?

    I have changed the time-out setting to 2 X in 1 min. They are shooting at me like automatic! 4 attempts in 1 min. It hurts to be popular : (

    Also, how can they get the usernames? Has my blog been already breached?

    Thanks!

    Oh . . also, what if I purge the cookies??? The instruction page did not address that. I have to type in or copy the secret URL?

  5. wpsolutions
    Member
    Plugin Author

    Posted 11 months ago #

    what if I purge the cookies?

    It doesn't matter because as long as you use the secret word in the URL, the plugin will take care of the cookie automatically by renewing it. (see the link I sent you for more info about the cookie based brute force feature)

    how can they get the usernames? Has my blog been already breached?

    Without looking at your site setup and situation it is difficult to guess at exactly how they would've retrieved the usernames or what access they have.

    Another suggestion is that you change your account usernames so that the old ones become invalid.

    After that, when you apply one of the suggestions I gave you in my last reply you should be a lot more secure.

  6. Olivia
    Member
    Posted 11 months ago #

    Thank you.

    Is it possible for you to look at my site and investigate?

    olivetjournal.com

    I will follow your suggestions, but will need to contact all my registrants by e-mail asking them to change their use names. I cannot keep doing that.

    If I need to hire you for a fee, I am willing to do it. When you find out a weak point, you may be able to integrate a solution into the plug-in, so will help others also.

  7. Olivia
    Member
    Posted 11 months ago #

    OK . . .

    I did it. I had the Brute Force Prevention measure installed, and got the new URL. But, I am not sure if I did it right.

    I put the new URL in the address box and hit [Enter], but it goes to the original Log-In URL and, my browser fills in the UN and PW as it has been programmed to do so.

    Is it the way it is supposed to be?

    - - - - - - - - - - - - - - - - - - - - - - -

    p.s.: I found an interesting blog article on Brute Force Attack on WP HERE that discusses "backdoor."

  8. wpsolutions
    Member
    Plugin Author

    Posted 10 months ago #

    I put the new URL in the address box and hit [Enter], but it goes to the original Log-In URL......Is it the way it is supposed to be?

    Yes - congratulations you are a now successfully using the Brute Force prevention feature.

    Regarding the username/password automatically being filled in - your browser is doing that so for your situation that's normal.

  9. Olivia
    Member
    Posted 10 months ago #

    Well . . . It seems to be working fine. And I have not had any e-mail attack notice for 24 hours.

    Thank you for you assistance!

    Regarding the usernames that were leaked, it is not from my admin site, since no one has broken in. So, I posted a note in the WP support so the team may pick it up and look in to it. They might know how to get them from WP registration system.

    Blessings!

Reply

You must log in to post.

About this Plugin

About this Topic