blocked by firewall for Malicious File Upload (PHP)

Quite a few people have discovered that a simply HTML website can save huge amounts of time and money as compared to WordPress. I still have a few, they’re such a breath of fresh air compared to WordPress, which in my opinion is a flawed application I got convinced to use by its popularity, and regret doing so every day I spend time defending my livelihood from millions of virtual muggers and thieves.

As for spending your life blocking the buggers, yes, you need to go programmatic with applications such as WordFence. Try to think that way. You’ll still need manual work, I spend about 6 hours a week on security (including dealing with lame plugin upgrades), but I was spending twice that time before software such as Wordfence got better a few years ago. The criminals still have the upper hand in my opinion, but fighting them has become much less time consuming.

One of the most common issues here on this forum is from folks who had no idea how bad the attack levels have become, until they install Wordfence and see it all in Live Traffic and Blocking pages. We then get a posting of “what do I do, major attacks!?” I’m assuming that’s where you’re at? No compromise of website, just seeing the incredible level of attack attempts — the bot-apocalypse. If so, don’t obsess, around a full half of traffic on the internet is bots, mostly bad ones. Just learn Wordfence inside and out, as well as your .htaccess file. Beyond that, if you’re serious learn how to go “upstream” and adjust your server firewall and security settings.

MTN

Thanks for that ??

Hi @rik0399
Wordfence is doing the job for you! the only thing you might want to do is to keep learning more and more about website security, how do hackers attack your website, how to choose a better hosting provider, how to protect your WordPress website, the security checklist and other too many articles published on our learning center here. This should get you more familiar with web security fundamentals in general and how Wordfence plugin works.

Thanks.

i have done it both ways and unfortunately wordfence has let me down multiple times. it did not prevent it from being hacked in my opinion. i went through every setting i could find because this was the third time. i have no idea what is so important to the Russians that they feel the need to hack me again. so i thought i will create it in bootstrap instead. google seo hated that. as soon as i switched it back to word press i began getting traffic again. it was hacked again. i believe it was either through jetpack or through uploading a php and execute. i blocked countries, anything trying to login with anything other than my username. so now i have switched to ninja firewall. let’s give that a whirl because wordfence (the free version) is too easy to breach.

Hi @tedraortega

If you have Jetpack plugin installed on your site, then please check my reply here as that might be the entering point that allowed attackers from logging into your site, immediately change WordPress.com password and allow 2FA.

Thanks.