Support » Plugin: BulletProof Security » Someone is trying to hack my site right now – should I do anything?

  • Resolved truthizhere

    (@truthizhere)


    I’m so glad I have bulletproof security! About 90 minutes ago I started getting automatic emails from the BP plugin that someone is trying to log in to the only two accounts I have, but has used the wrong password 5 times in a row so has been locked out for 30 minutes. I don’t know how they got the account usernames.

    They (or the bot) have tried every 30 minutes for the last 90 minutes. Anyway both accounts have unique 20 character complex passwords. Do I need to do anything? Or just sit secure knowing that they won’t be able to get in?

    http://wordpress.org/plugins/bulletproof-security/

Viewing 6 replies - 1 through 6 (of 6 total)
  • I don’t have any answers for you but one of my blogs is currently being attacked as well.

    Peace…

    Plugin Author AITpro

    (@aitpro)

    See these Forum Topic links below for things you can do to protect against ongoing login attacks/cracks. The basic idea is you do not want to display your Administrator user account publicly and you want to protect against bot probes looking for user account names or user id’s.

    Display the WordPress admin or editor username

    WordPress Author Enumeration Bot Probe Protection – Author ID, User ID

    Plugin Author AITpro

    (@aitpro)

    Another method that I think is not posted in the first link is to do this.
    Create an Administrator account that is ONLY used for logging into the site. NEVER create a Post or Page with that Administrator account so that the user account/author name will never be displayed publicly. That Administrator user account will only be used for logging into the site and nothing else.

    Another method that I think is not posted in the first link is to do this.
    Create an Administrator account that is used for logging into the site. NEVER create a Post with that Administrator account so that the user account/author name will never be displayed publicly. That Administrator user account will only be used for logging into the site and nothing else.
    Thank you
    Bygooma011

    Great tips! Thanks guys. The guys/bots kept up trying for the past 24 hours but seem to have stopped now. In any case I logged in and created a new Administrator account which I will only use for Admin and never have the user/account name displayed publicly; I changed the existing accounts permissions from Admin to Author; and also changed the display name so that the blog’s displayed Author’s name is different from the account name.

    Great info! Thanks.

    Plugin Author AITpro

    (@aitpro)

    Resolving Thread.

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Someone is trying to hack my site right now – should I do anything?’ is closed to new replies.