Login to Website missed by Wordfence

Resolved durawax
(@durawax)

6 years, 3 months ago

I found this morning that someone from India logged into my WordPress admin panel on Jan. 11th using by login.
I am surprised that Wordfence did not stop this since it had been blocking the ip address range this login occurred from.

Besides the obvious of changing my password, what do I look for to see if anything was changed?

The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)

wfyann
(@wfyann)

6 years, 3 months ago

Hi @durawax,

Could you please confirm the IP range(s) you specified?

In order to make sure you site’s integrity hasn’t been compromised, please follow our site cleaning guide.
Thread Starter durawax
(@durawax)

6 years, 3 months ago
The ip address that was used is 45.116.182.124. It shows up on my blocked ip address for countries.
The error log for my site on that date showed that some changes to one of the widgets folders was tried but was denied.
Looking at the directories, I could not find any files that were modified on that date around that time or after.
Wordfence scans did not find anything.
The server logs for that time refer to jetpack, but the logs also show jetpack was installed on the 16th from my ip address – which corresponds to the folder and file dates. The last revision to jetpack was Jan. 2nd, so there would be not reason to install it twice.
- This reply was modified 6 years, 3 months ago by durawax.
wfchloe
(@wfchloe)

6 years, 1 month ago

Hi @durawax

Sorry we didn’t get back to you sooner! Unfortunately, there are many attack vectors associated with WordPress sites that lie outside of your WordPress installation like insecure servers, insecure passwords, encryption flaws, shared hosting, and many others; all these things combined make your site vulnerable to attacks. Wordfence helps protect and secure the WordPress installation side of your site and it does quite an excellent job at that. No security plugin can help protect your site against every vulnerability that lives there out in the wild, we can only help mitigate the risks associated with a vast majority of them. I recommend taking some time to go through these articles that will help you better understand WordPress security and how you can make your site invincible against all the attack methods that are associated with WordPress sites.

– https://www.wordfence.com/learn/wordpress-security-checklist/

– https://www.wordfence.com/learn/introduction-to-wordpress-security/

– https://www.wordfence.com/learn/how-to-protect-yourself-from-wordpress-security-issues/

– https://www.wordfence.com/learn/how-to-secure-your-wordpress-working-environment/

– https://www.wordfence.com/learn/how-to-harden-wordpress-sites/

If you have any questions please don’t hesitate to reach out!

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Login to Website missed by Wordfence’ is closed to new replies.