bots crashed sites – host suggests Malcare

  • Resolved soundfeelings

    (@soundfeelings)


    4 years, 6 months ago

    I have many sites hosted with Cloudways. A few days ago, two of the sites completely crashed. I inquired and I received this info back from customer support:

    I have checked the logs and it seems that a few applications on the server had an xmlrpc.php and wp-login.php attack. We have introduced a new feature called bot protection to mitigate such attacks. Please consider activating this on your WordPress applications.

    I thought this was a “server side” blocker of bots but apparently when I accept it, it installs just like a wordpress plugin.

    I am loyal to WORDFENCE and things overall are working smoothly.

    I would rather not uninstall Wordfence on all my sites and install Malcare. But they are claiming that they are better at blocking bots.

    1) Is there some setting within Wordfence that I may have missed in wordfence to prevent this type of hack without switching over to Malcare?

    2) would it be bad to install Wordfence AND Malcare concurrently?

    Thank you.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @soundfeelings, great to hear that you are happy with Wordfence and are seeking our help with this.

    1. When a site is crashing due to bots, it is likely that the settings in Wordfence > All Options > Brute Force Protection are too lenient. I recommend trying 3-5 for attempts and password resets, counted over 4 hours, with a 30+ minute lockout. For extra protection, checking Immediately lock out invalid usernames will prevent a password attempt if the username doesn’t match a valid entry.

      Bots will often try the admin username by default, so if this user definitely does not exist, add that to Immediately block the IP of users who try to sign in as these usernames.

      Under Additional Options, checking Block IPs who send POST requests with blank User-Agent and Referer can also help.

      If you feel confident that your site does not use XML-RPC, you could also try checking Wordfence > Login Security > Settings > Disable XML-RPC authentication.

    2. There may naturally be overlapping features when running both products, so let me know if changing the above settings have stemmed the flow of bot attempts and prevented the crashes.

    Thanks,

    Peter.

    Thread Starter soundfeelings

    (@soundfeelings)

    Great help. Thank you!!

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘bots crashed sites – host suggests Malcare’ is closed to new replies.