• [ Moderator note: moved to How-to and Troubleshooting. ]

    Someone has been attempting a brute force hack on my sites all weekend. I have Wordfence set up to block incorrect usernames, but somehow he/she is now attacking my newest site, which I just put up last week and which may not even be indexed by Google yet. It is a duplicate of a site and has all the same plugins, so I am wondering if it is possibly a plugin that is causing this hacker to attempt to brute force my new site. This is like looking for a needle in a haystack, I know, but do you guys/gals have any suggestions? Here is my list of plugins installed:

    A3 | Social Sidebar
    Akismet
    BNS Featured Category
    Contact Form 7
    Contact Form DB
    Contextual Related Posts
    Google Analytics by MonsterInsights
    HiFi
    InfiniteWP – Client
    Jetpack by WordPress.com
    Jquery Validation For Contact Form 7
    Nelio A/B Testing
    Prizm Image
    Really Simple CAPTCHA
    Responsive Menu Pro
    Simply Exclude
    W3 Total Cache
    Wordfence Security
    WP-Mail-SMTP
    WP-Polls
    Yoast SEO

    I have been considering changing my URL for wp-admin to something else to see if that helps, but I’m not sure if that will break anything.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator bcworkz

    (@bcworkz)

    I wouldn’t bother attempting to obfuscate the fact you have a WP site. In some cases it might help, but in many other cases it wouldn’t make any difference. This measure would fall under “security by obscurity”, which isn’t real security, though it might help on occasion. For recommended security measures that are actually effective, review Hardening WordPress. Not all measures are for everyone, but if certain measures work for your situation and aren’t too onerous or difficult, then they’re likely worth implementing.

    There are all sorts of ways hackers find targets to attack. The mere mention of WordPress is sometimes enough. I have a completely static site that mentions WordPress a few times, and it gets all manner of WP hack attacks despite the fact there isn’t a single form on the entire site. Just registering a new domain name seems to be an invitation for hackers to probe the domain’s site for vulnerabilities.

    It seems all plugin vulnerability probes are for long ago patched vulnerabilities. If you’ve kept your plugins updated and they are regularly maintained by the authors, there’s not any reason for concern. Sure, there could be a zero day vulnerability, but that’s highly unlikely.

    Brute force attacks do not leverage plugin vulnerabilities anyway. As long as all admin users use good strong passwords, there’s nothing to worry about from brute force attacks. Hack attacks happen, it’s part of having a website. Beyond having your security measures in place, there’s little need for concern. If you also keep good backups (you need to do this if you aren’t), and your DB does not contain anyone’s sensitive personal information, then there really is nothing to worry about.

    Thread Starter workinclasshero

    (@workinclasshero)

    Thanks for the reassurance. I have Wordfence set up pretty securely with firewalls, login attempts, etc. The biggest concern was to cut down on server resources being used; I know how hard a brute force attack is on a site with a password over 6 characters, so I’m not too worried about a hacker actually gaining access. I’d like to share this script in case anyone else is having issues. https://github.com/masterguru/antibot is a script that will cut down on brute force attacks: just add the script to the root of the site, then use an include to add the script to wp-login.php. You will need to update it when WordPress updates, though, because it will be overwritten.

    I’ve looked over Hardening WordPress and am going to watch a video by Brad Williams about security (https://wordpress.tv/2010/01/23/brad-williams-security-boston10/), but I think I’ve done just about all I can do. Thanks for the helpful advice.
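
    An added example, not code from either poster, from Wordfence or from the antibot script linked above: a small log analysis that picks the brute-forcing IPs out of the web server access log. It addresses both points made in the thread: bcworkz’s observation that brute force is purely a password-guessing problem (so what matters is which IPs are guessing, not which plugins are installed), and workinclasshero’s concern about server resources (once the offending IPs are known they can be blocked at the web server or firewall, so wp-login.php never runs for those requests). The combined log format, the thresholds, the constructed sample lines and the rule that a non-redirect answer to a POST means a failed login are all assumptions made for the example.

```python
"""Find IPs hammering wp-login.php in a web server access log (sliding window)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/nginx "combined" log format; the referer and user-agent are ignored.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Assumed thresholds: more than MAX_FAILURES failed login POSTs from one IP
# inside WINDOW is treated as a brute-force attempt.
MAX_FAILURES = 5
WINDOW = timedelta(minutes=5)

# Constructed sample lines (not taken from the thread). 203.0.113.7 guesses
# passwords; 198.51.100.20 is a legitimate admin who logs in once.
SAMPLE_LOG = """\
203.0.113.7 - - [03/Jun/2016:01:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
198.51.100.20 - - [03/Jun/2016:02:09:30 +0000] "GET /wp-login.php HTTP/1.1" 200 3380 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Jun/2016:02:10:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Jun/2016:02:10:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Jun/2016:02:10:20 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
198.51.100.20 - - [03/Jun/2016:02:10:25 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Jun/2016:02:10:30 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Jun/2016:02:10:40 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Jun/2016:02:10:50 +0000] "POST /wp-login.php?redirect_to=%2Fwp-admin%2F HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Jun/2016:02:11:00 +0000] "GET / HTTP/1.1" 200 9912 "-" "Mozilla/5.0"
""".splitlines()


def parse_line(line):
    """Return the fields we need, or None for a line that does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m["ip"],
        "time": datetime.strptime(m["time"], TIME_FMT),
        "method": m["method"],
        "path": m["path"].split("?", 1)[0],  # drop the query string
        "status": int(m["status"]),
    }


def classify(rec):
    """'failed', 'success' or None for a parsed record.

    Assumption: WordPress answers a bad login by re-rendering the form
    (200, or 4xx/503 when a plugin blocks it) and a good login with a
    redirect (3xx) into wp-admin, so a non-redirect POST counts as a failure.
    """
    if rec["method"] != "POST" or not rec["path"].endswith("/wp-login.php"):
        return None
    return "success" if 300 <= rec["status"] < 400 else "failed"


def find_brute_forcers(lines, max_failures=MAX_FAILURES, window=WINDOW):
    """Map IP -> time it first exceeded max_failures failures inside window.

    Lines are expected in chronological order, as in a real access log.
    """
    recent = defaultdict(deque)  # ip -> failure timestamps still in the window
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or classify(rec) != "failed":
            continue
        q = recent[rec["ip"]]
        q.append(rec["time"])
        while rec["time"] - q[0] > window:  # expire failures older than window
            q.popleft()
        if len(q) > max_failures and rec["ip"] not in flagged:
            flagged[rec["ip"]] = rec["time"]
    return flagged


def login_summary(lines):
    """Per-IP counts of failed and successful wp-login.php POSTs."""
    counts = defaultdict(lambda: {"failed": 0, "success": 0})
    for line in lines:
        rec = parse_line(line)
        kind = classify(rec) if rec else None
        if kind:
            counts[rec["ip"]][kind] += 1
    return dict(counts)


if __name__ == "__main__":
    for ip, when in find_brute_forcers(SAMPLE_LOG).items():
        print(f"{ip}: more than {MAX_FAILURES} failed logins within {WINDOW} "
              f"as of {when.isoformat()}")
    print(login_summary(SAMPLE_LOG))
```

    Run it against the real log with something like `find_brute_forcers(open("access.log"))` and feed the resulting IPs to whatever blocks traffic in front of PHP (the host firewall, the web server’s own deny rules, or Wordfence’s blocking list). The sliding window is what keeps the legitimate admin from being flagged: a single 302 is a success and never enters the queue, and the attacker’s one stray attempt at 01:00 is expired before the burst at 02:10 is counted.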

  • The topic ‘Attacks on my site via plugins’ is closed to new replies.