WordPress.org

[resolved] Brute Force Attack (23 posts)

  1. Lesley Ward
    Member
    Posted 9 months ago #

    I appear to be under attack by someone trying to hack my website. :-(

    I've put in a really complicated password which WP thinks is strong but I'm wondering if there's anything else I can do to stop these attacks?

    I saw somewhere that you can install a plugin to limit the number of incorrect login attempts but the link was very out of date.

    Does anyone have a more up-to-date plugin or any more suggestions?

    Thanks for your help.

  2. respectyoda
    Member
    Posted 9 months ago #

    I would suggest you use a security plugin such as WordFence or iThemes Security.

  3. Matthew
    Member
    Posted 9 months ago #

    iThemes Security has special settings for brute force attacks which work very well.

  4. Lesley Ward
    Member
    Posted 9 months ago #

    Thanks guys.
    I currently have Sucuri Security - that's where I'm getting the emails about the failed logons.

    Do you know if this is as good as iThemes Security?

  5. BritishTraveler
    Member
    Posted 9 months ago #

    Hackers always learn new things to hack. You must use iThemes Security, but I still suggest you keep backups from time to time.
    I too was attacked, but without using any plugins there has been no risk for me until today.

    Give it a try and see; all the plugins are built for security only.

  6. Matthew
    Member
    Posted 9 months ago #

    iThemes Security is the best security plugin IMHO. You can also schedule backups which is good to do.

  7. Lesley Ward
    Member
    Posted 9 months ago #

    Thanks again.

    I am now installing iThemes Security on all my websites!

    Out of interest, do you know if this replaces Akismet for comment spam? It seems to but I wanted to make sure before switching Akismet off.

  8. Matthew
    Member
    Posted 9 months ago #

    I don't think it does.

  9. respectyoda
    Member
    Posted 9 months ago #

    iThemes Security will not replace Akismet for comment spam. It is best to add fields to comment forms such as Captcha, etc.

  10. Tara
    Volunteer Moderator
    Posted 9 months ago #

  11. Lesley Ward
    Member
    Posted 9 months ago #

    Thanks for the suggestion about iThemes - looks really good.

    Thanks for the link Tara - I have a very strong password and a non-admin user name so hopefully am safe from attacks!

    I may be naive but I really can't understand what these hackers get out of this. Don't they have a life?

  12. Matthew
    Member
    Posted 9 months ago #

    Great!

  13. khanna64
    Member
    Posted 9 months ago #

    Hi there,

    It would appear that my website is under attack.

    I have had 63 of the following notifications (so far) since Monday morning.

    Dear Site Admin,
    A user, xxxxxxxx, has been locked out of the WordPress site at http://xxxx.com.au due to too many bad login attempts.
    The user has been locked out until 2014-08-20 11:53:27.
    To release the lockout please visit the lockouts page.
    *This email was generated automatically by iThemes Security. To change your email preferences please visit the plugin settings.

    I think I have as much security in place as possible but maybe I'm missing something....

    Does anyone know how to stop/find whoever it is trying to hack my website?

    Kym

  14. Matthew
    Member
    Posted 9 months ago #

    These errors are notifying you that someone was locked out of your website. If you have your brute force attacks set up right, once they do this x times they will be locked out forever.

    You could add some extra security by changing the login URL (wp-admin to something else) if you haven't already. Or you can try to add two passwords in place, like in this video.

    If you just want to turn the notifications off, just go into your settings and look under Global Settings for the option titled Enable Email Lockout Notifications.

  15. Trampolini
    Member
    Posted 9 months ago #

    According to analytics, this page is the top referrer to my site:

    http://wordpress.btradercn.com/support/topic/static-header-1

    What is the "btradercn" domain and why has it also mimicked my own site:

    http://www.tvwatchparties.btradercn.com?

    Does anyone know anything about subdomain hacking? Would security plugins help this issue? I am taking measures to protect my site. I started with Wordfence but after reading this thread I'll give iThemes a try too.

    It appears btradercn.com is registered with GoDaddy and is owned by someone in China. What would be the motive of mimicking a site with a subdomain?

  16. respectyoda
    Member
    Posted 9 months ago #

    @Trampolini, don't hack someone's thread. Please post your own thread.

  17. khanna64
    Member
    Posted 9 months ago #

    Hi Matthew
    Thank you for your feedback and information - I really appreciate it.
    I checked the areas you mentioned:
    1. My login area is protected from brute force attacks (I did that when I first set up my website). I'm not sure how many times it takes for them to be locked out forever, but it would seem that the attacks have stopped (after 4 days.....). Fingers crossed.
    2. The admin user has been renamed (I also did that when I first set up my website).
    3. I didn't want to turn the notifications off because I wanted to know when they were trying & when they stopped, plus because they had my username (which I can't change) and they were being locked out, so was I, so I couldn't access my own website - argh.....
    So, thanks a bunch again for your help - hopefully because the password was so strong, they have given up and gone away!
    Kym
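
Added example (not part of the thread and not iThemes Security's code): a simplified model of failed-login lockouts, showing why a lockout keyed on the username also locks out the site owner, as described in the post above, while one keyed on the source IP does not. The thresholds, the IP addresses and the `siteowner` username are constructed assumptions.

```python
from collections import defaultdict, deque


class LockoutTracker:
    """Sliding-window failed-login counter keyed by an arbitrary string."""

    def __init__(self, max_failures=5, window=300, lock_for=900):
        self.max_failures = max_failures    # failures allowed inside the window
        self.window = window                # seconds a failure stays counted
        self.lock_for = lock_for            # seconds a lockout lasts
        self.failures = defaultdict(deque)  # key -> timestamps of recent failures
        self.locked_until = {}              # key -> time the lockout expires

    def is_locked(self, key, now):
        return self.locked_until.get(key, 0) > now

    def record_failure(self, key, now):
        recent = self.failures[key]
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()                # forget failures outside the window
        if len(recent) >= self.max_failures:
            self.locked_until[key] = now + self.lock_for
            recent.clear()


def simulate(events, key_by):
    """events: (time, ip, username, password_ok) tuples; key_by: 'ip' or 'username'."""
    tracker = LockoutTracker()
    outcomes = []
    for now, ip, user, password_ok in events:
        key = ip if key_by == "ip" else user
        if tracker.is_locked(key, now):
            outcomes.append("locked")       # rejected before the password is checked
        elif password_ok:
            outcomes.append("success")
        else:
            tracker.record_failure(key, now)
            outcomes.append("failed")
    return outcomes


# Constructed sample: six wrong guesses against the real username from one
# address, then the owner logging in correctly from a different address.
ATTACKER_IP, OWNER_IP = "203.0.113.7", "198.51.100.20"
EVENTS = [(t, ATTACKER_IP, "siteowner", False) for t in range(0, 60, 10)]
EVENTS.append((120, OWNER_IP, "siteowner", True))

if __name__ == "__main__":
    for mode in ("username", "ip"):
        print(mode, simulate(EVENTS, mode))
```

With username-keyed lockouts the owner's correct login is rejected; with IP-keyed lockouts only the guessing address is blocked, though guesses spread across many addresses would not trip the per-IP threshold.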

  18. Matthew
    Member
    Posted 9 months ago #

    Great! One other thing that you can do is change the login URL. You can do that in iThemes Security also.

  19. khanna64
    Member
    Posted 9 months ago #

    Hi again Matthew,

    Thank you for your extra tip.

    My hope that the hackers had given up and gone away was short lived as it started again this morning.....argh!

    I struggled to find where to change the login URL but I was given another tip which I have followed and hopefully it will prevent future hacking attempts.

    For anyone who has the same issue, maybe the following will help:-
    Change Username = you cannot change the existing username - however, there is a workaround!
    1. You need to create a new user with admin rights
    2. Log out of the old admin account
    3. Log into the new admin account
    4. Delete the original admin account

  20. Matthew
    Member
    Posted 9 months ago #

    That is another good security precaution.

    The place to change the admin login URL is under the "Hide Login Area" section in the settings page.

  21. khanna64
    Member
    Posted 9 months ago #

    Thank you Matthew for following up with the location of where to change the login URL - I will certainly keep this information for future reference.
    At this stage, it would appear that creating a new username with admin rights and then deleting my original username has done the trick - the attacks have stopped. Yippee!

  22. Matthew
    Member
    Posted 9 months ago #

    Great! Glad I could help you!

  23. khanna64
    Member
    Posted 9 months ago #

    Very helpful and very professional Matthew - thank you once again.
