How can I stop constant hacking attempts

  • Hi Folks
    I have a live wordpress install that has started experiencing nearly constant brute force hacking attempts.

    I have wordfence, Move login and Remove version plugins installed, active and configured with the aim of preventing attacks from succeeding. I have followed the information on hardening WordPress, permissions on files and directories are fairly tight, user names don’t match screen names and are randomised phrases, passwords are strong, Wordfence blocks IPs after n number of incorrect retries, etc, etc

    So while I’m no security, or even WordPress, expert by any means I’m pretty happy that security is as good as it can be while still having an operating blog run by non-techie people.

    Yet I’m getting about 30 – 40 emails a day from the Wordfence plugin about hacking attempts from servers all over the world, all trying the same set of usernames and being IP-blocked.

    Is there anything further I can do to actually stop the hacking attempts?
    Do other sites customarily suffer this situation on an ongoing basis?

    Thanks, T

Viewing 3 replies - 1 through 3 (of 3 total)

  • You cannot actually “stop constant hacking attempts”, of course, and dealing with them as best you can is all anyone can do.

    I’m getting about 30 – 40 emails a day from the Wordfence plugin about hacking attempts from servers all over the world, all trying the same set of usernames and being IP-blocked.

    That sounds to me like you have told Wordfence to immediately block all attempts with those names.

    If you wish, maybe take a look at the NinjaFirewall plugin that runs out in front of WordPress and can stop certain traffic from ever even arriving.

    There isn’t much that can be done to stop the attempts, just make it less appealing for those users. Be sure to keep everything up to date and continue to do what you’re doing. If you want to go a step further, I believe Securi offers firewall services that will help with this and SiteLock offers a malware scan/removal tool to help any successful hacks.

    Thread Starter tobymole

    (@tobymole)

    Thanks for the info folks. I’ll take a look into the firewall services mentioned.

    Do you know is cloudflare much good at mitigating these types of attacks?
    I tried using cloudflare before on another site (for other reasons) but never got it working, so left it sitting in the dust and dont really want to spend time fiddling around with it again if it is just to find out it doesnt really help.

    Thanks

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘How can I stop constant hacking attempts’ is closed to new replies.

Tags