Blocking Hack Attempts

  • consultant1027

    (@consultant1027)


    9 years ago

    I’m seeing abnormally high traffic for my WordPress website.

    This is a 99% static information site that is rarely updated (maybe one admin login every couple of months!) and not a high-traffic website. Site is getting 50K file requests. In looking closer taking a look at Webalizer reports I’m seeing that 37% of all hits is to the WordPress wp-admin.php page and 21% is to /xmlrpc.php which between those two totals 58% of all traffic.

    I’m also seeing 33% of the requests are coming from host.cawebsolutions.net

    This to me indicates the majority of traffic is possibly WordPress hack attempts? I’m running on a Cpanel based VPS and I have Config Server Firewall installed with typical settings. But CSF isn’t going to block WordPress hack attempts (not sure if it has a config though – seems I just need to have it auto block too many requests from same IP to wp-admin file within a period of time?)

    I’m wondering what your recommendation is on blocking this traffic if you agree it is hack attempts?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Jason King

    (@jasoncharlesstuartking)

    I use the WordFence plugin. There’s also the Sucuri plugin and the iThemes Security plugin.

    These plugins do most of the thinking for you, and are very good at blocking hack/login attempts and dodgy crawlers.

    This is one area where I think it’s worth getting the paid-for versions of a plugin.

    Thread Starter consultant1027

    (@consultant1027)

    The problem with plug-ins is if you are running a server with dozens and dozend of WordPress sites, making sure they all have the plug-in installed is not very efficient.

    If you run CSF (ConfigServer Firewall) on a Linux Cpanel VPS (Virtual Private Server) I just found this works great for providing a server-wide solution for all sites running on the server:

    https://smyl.es/how-to-block-wp-login-php-brute-logins-with-cpanel-mod-security-and-configserver-firewall/

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Blocking Hack Attempts’ is closed to new replies.