[Resolved] Brute Force Attack

  • I appear to be under attack by someone trying to hack my website. 🙁

    I’ve put in a really complicated password which WP thinks is strong but I’m wondering if there’s anything else I can do to stop these attacks?

    I saw somewhere that you can install a plug in to limit the number of incorrect login attempts but the link was very out of date.

    Does anyone have a more up to date plug in or any more suggestions?

    Thanks for your help.

Viewing 15 replies - 1 through 15 (of 22 total)
  • I would suggest you use a security plugin such as WordFence or iThemes Security.

    Moderator Matthew

    @kidsguide

    iThemes Security has special settings for brute force attacks which work very well.

    Thanks guys.
    I currently have Sucuri Security – that’s where I’m getting the emails about the failed logons.

    Do you know if this is as good as iThemes Security?

    Hackers always learn new things to hack. You must use iThemes Security, but still I suggest you keep backups from time to time.
    I too was attacked, but without using any plugins there has been no risk for me until today.

    Give it a try and see; all the plugins are built for security only.

    Moderator Matthew

    @kidsguide

    iThemes Security is the best security plugin IMHO. You can also schedule backups which is good to do.

    Thanks again.

    I am now installing iThemes Security on all my websites!

    Out of interest, do you know if this replaces Akismet for comment spam? It seems to but wanted to make sure before switching Akismet off.

    Moderator Matthew

    @kidsguide

    I don’t think it does.

    iThemes Security will not replace Akismet for comment spam. It is best to add fields to comment forms such as Captcha, etc.

    Thanks for the suggestion about iThemes – looks really good.

    Thanks for the link Tara – I have a very strong password and a non-admin user name so hopefully am safe from attacks!

    I may be naive but I really can’t understand what these hackers get out of this. Don’t they have a life?

    Moderator Matthew

    @kidsguide

    Great!

    Hi there,

    It would appear that my website is under attack.

    I have had 63 of the following notifications (so far) since Monday morning.

    Dear Site Admin,
    A user, xxxxxxxx, has been locked out of the WordPress site at http://xxxx.com.au due to too many bad login attempts.
    The user has been locked out until 2014-08-20 11:53:27.
    To release the lockout please visit the lockouts page.
    *This email was generated automatically by iThemes Security. To change your email preferences please visit the plugin settings.

    I think I have as much security in place as possible but maybe I’m missing something….

    Does anyone know how to stop/find whoever it is trying to hack my website?

    Kym

    Moderator Matthew

    @kidsguide

    These errors are notifying you that someone was locked out of your website. If you have your brute force attacks set up right, once they do this x times they will be locked out forever.

    You could add some extra security by changing the login URL (wp-admin to something else) if you haven’t already. Or you can try to add two passwords in place, like in this video.

    If you just want to turn the notifications off, just go into your settings and under Global Settings titled Enable Email Lockout Notifications.
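Added example, not part of the original thread and not any plugin's own code: a sketch of the lockout logic described in the reply above (a temporary lockout after too many failed logins, then a ban candidate after repeated lockouts), run over web server access-log lines. The thresholds, the log lines and the helper names are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values for illustration; not any plugin's defaults.
MAX_ATTEMPTS = 3                  # failed logins tolerated per window
WINDOW = timedelta(minutes=5)     # sliding window for counting failures
BAN_AFTER = 2                     # lockouts before an IP is a ban candidate

# Common/combined access-log format: ip, timestamp, request line, status.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def analyse(lines):
    """Return ({ip: lockout_count}, set of ban-candidate IPs)."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    lockouts = defaultdict(int)
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue              # skip lines that are not in the expected format
        # Assumption: a POST to wp-login.php answered with 200 is a failed
        # login; a successful login is answered with a 302 redirect.
        if (m["method"] != "POST" or m["status"] != "200"
                or not m["path"].startswith("/wp-login.php")):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while q and ts - q[0] > WINDOW:
            q.popleft()           # drop failures that fell out of the window
        if len(q) >= MAX_ATTEMPTS:
            lockouts[m["ip"]] += 1
            q.clear()             # counting restarts after each lockout
    banned = {ip for ip, n in lockouts.items() if n >= BAN_AFTER}
    return dict(lockouts), banned

def _line(ip, hhmmss, status):
    """Build one constructed log line (sample data, not real traffic)."""
    return (f'{ip} - - [18/Aug/2014:{hhmmss} +1000] '
            f'"POST /wp-login.php HTTP/1.1" {status} 3120')

# Constructed sample: one noisy client, one user who mistypes twice, one slow client.
SAMPLE_LOG = (
    [_line("203.0.113.7", f"09:00:{s:02d}", 200) for s in range(0, 60, 10)]
    + [_line("198.51.100.20", f"09:05:{s:02d}", c) for s, c in ((0, 200), (20, 200), (40, 302))]
    + [_line("192.0.2.44", f"09:{m:02d}:00", 200) for m in (10, 20, 30)]
)

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

The slow client at 192.0.2.44 never trips the window, which shows why a per-window counter alone does not catch low-rate guessing; a strong password and a non-default user name still matter.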

    According to analytics, this page is the top referrer to my site:

    http://wordpress.btradercn.com/support/topic/static-header-1

    What is the “btradercn” domain and why has it also mimicked my own site:

    http://www.tvwatchparties.btradercn.com?

    Does anyone know anything about subdomain hacking? Would security plugins help this issue? I am taking measures to protect my site. I started with Wordfence but after reading this thread I’ll give iThemes a try too.

    It appears btradercn.com is registered with GoDaddy and is owned by someone in China. What would be the motive of mimicking a site with a subdomain?

    @trampolini, don’t hack someone’s thread. Please post your own thread.
