why is a new unpublished addon site being attacked?

  • Resolved bluewater

    (@bluewater)


    5 years, 2 months ago

    Just moved a brand new domain to my Bluehost hosted primary site as an addon, added Wordfence, which is reporting active login and blocking events. Wordfence is working.

    My question is about how I’m being attacked in the first place – the new website isn’t published, I have no content. I just installed WP and a theme last week but haven’t published it, Google hasn’t indexed it, etc. the domain shows a “website coming soon” page.

    Just wondering, does all this attack activity (attempted logins, etc) mean I have a breach in my primary?

    Sorry for the general question but couldn’t find this in documentation or elsewhere.

    • This topic was modified 5 years, 2 months ago by bluewater.
Viewing 2 replies - 1 through 2 (of 2 total)

  • Hey @bluewater,

    I understand it’s alarming to see your site under attack. But it’s actually really normal. We usually think of these as individuals who have some type of personal interesting on our site(s). The truth is the these are mind scripts meant to score the internet looking for the vulnerability it’s programmed to exploit. There’s only so much we can do to prevent an attack, it’s more about making sure they aren’t successful, which it sounds like Wordfence is doing.

    Please let me know if you have any other questions.

    Thanks,

    Gerroald

    Hi @bluewater,

    To add onto Gerroald’s answer,

    A lot of bots are able to access a registry of newly registered domains – and with this list, they can blindly attack websites with different methods.

    One of my sites (which doesn’t even use WordPress) has bots trying to access /wp-admin/ and other URLs.

    Dave

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘why is a new unpublished addon site being attacked?’ is closed to new replies.