Forum Replies Created

Viewing 9 replies - 1 through 9 (of 9 total)
  • Hey Bente,

    Nice slick looking blog you’ve got there! Seems pretty easy to navigate from a UI standpoint, and it looks like you’ve got the basic SEO stuff down with your Title, H1 and H2 tags. Your permalinks look to be nice and search engine friendly as well.

    From the technical side I’d look at this GTMetrix report and work on possibly optimizing and scaling your images to make your site as fast as possible, which search engines love.

    https://gtmetrix.com/reports/www.travelwithallsenses.com/nyx0xh0c

    For instance on this POST I’m about to mention you have the Plugin Yet Another Related Posts Plugin that is adding “You Might Also Like”. It’s using this image which is 315KB and 650×443 in size:

    https://www.travelwithallsenses.com/wp-content/uploads/2013/03/MG_0797.jpg

    It’s only displaying it at 120×120 but still loading the entire image. So GTMetrix estimates you could knock off 94% of the file size if you just created a 120×120 version of the image.

    One thing you might want to watch out for is unique and accurate descriptive ALT text on your images also. For instance on this post:

    https://www.travelwithallsenses.com/travel-safe-secret-pocket/

    Here is your ALT text in order of the 3 images:

    Travel safe with a safe pocket!
    Travel safe with a safe pocket, easy to make.
    Travel save with a self made safe pocket.

    This could seem like keyword stuffing to Google in some cases, so you might want to use ALT tags to actually describe what is going on in an image. Here’s Google’s own Matt Cutts on the topic:

    On that page, I’d use ALT texts like this instead:

    passport on travel safe pocket
    travel safe pocket in sewing machine
    travel safe pocket in pants

    Google’s algorithms are getting more and more advanced, and the more you can describe your page content to them, the more likely they are going to pull up your page for related searches. For instance you might think you’re targeting “travel safe pocket”, but if a human Googles “how to create a pocket with a sewing machine”, because you’re being more descriptive to Google about your page content it might also allow you to show for that query.

    Anyways not really seeing too much else to improve on, great stuff, it’s easy to navigate around and looks good too!

    – Jacob

    Thread Starter JacobN

    (@jacobn)

    Sure no problem at all, thanks for taking a look :)

    It looks like the Fast Secure Contact Form uses the /captcha/cache/ directory to place CAPTCHA challenge responses temporarily.

    When using the Better WP Security plugin, you can navigate to Security from the left-hand menu, then click on Intrusion Detection.

    If you scroll down to the File Change Detection section, there is an Include/Exclude List drop-down that you should set to Exclude. Then below that, in the File/Directory Check List field, type in an exception for the Fast Secure Contact Form cache directory like this:

    wp-content/plugins/si-contact-form/captcha/cache

    That should stop you from getting alerts about files in that specific directory.

    – Jacob

    Awesome! Thank you @mpd2002 and @madmakz for tracking this down. I opened up the key-check.php file and looked at the lrss_check_update() function and located the problem:

    $reqUrl = "https://wordpress.cloudapp.net/api/update/?&url=". $request . "&agent=". $agent. "&v=" . $v. "&ip=".$ip . "&p=" . $pluginId;

    Try to go to that URL and you can see the service is unavailable. So either comment out this line and leave the plugin activated (dunno how it affects it) or just remove the plugin and it should be good to go!

    Thanks again! Our customers were having this issue and now I have a solution to give them :)

    @psybertron

    There are still multiple reports of this same WordPress brute force attack continuing across multiple providers.

    It’s not as wide-scale as when it first seemed to really pick up back in the middle of April, but these attacks will probably continue to trickle on for quite some time until the botnet as a whole has stopped or moved on to something else.

    – Jacob

    Hey @patrickhealy,

    I had linked to an article I wrote on protecting against these types of attacks, but WordPress doesn’t want external sources posted here.

    Basically I’d recommend not relying on WordPress login limit or security plugins for this type of attack. If you’re on a Linux web-host, you can just use some simple .htaccess rules to block everyone out of your admin but yourself.

    The current brute force attacks that have been taking place are not POST’ing to the wp-login.php script with a proper referer being passed. So if you require a proper referer to be passed, this can block those. Then you can lock it down even further with IP allow rules to only allow yourself in.

    If your domain name was example.com, and your IP addresses that needed to access the WordPress admin were 123.123.123.123 and 123.123.123.124 I’d recommend using these rules:

    <IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{HTTP_REFERER} !^https://(.*)?example\.com [NC]
    RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
    RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
    RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.123$
    RewriteCond %{REMOTE_ADDR} !^123\.123\.123\.124$
    RewriteRule ^(.*)$ - [F]
    </IfModule>

    An even further level of protection would be to employ a secondary .htaccess password. You would want to fully password protect the /wp-admin directory, and then in your .htaccess file in the WordPress root directory you’d also add that password protection to your wp-login.php script with these rules:

    <FilesMatch "wp-login.php">
    AuthType Basic
    AuthName "Secure Area"
    AuthUserFile "/home/example/.htpasswds/public_html/wp-admin/passwd"
    require valid-user
    </FilesMatch>

    Also using the .htaccess file you can Google for “country IP blocks” and then simply block entire countries that you don’t want to have access as well.

    Once you start locking down and securing WordPress this way, I’d then recommend simply checking on your website’s access logs every so often. If one IP has been continually hitting your wp-login.php script and getting 403 access denied errors from the .htaccess rules, you could then start to block them at your server’s firewall to prevent any further attempts from even making it to the site.

    – Jacob
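    A defender's follow-up to the access-log check described in this reply, added here as an example and not part of the original post: it parses Apache combined-format log lines (a constructed sample, not a real server's log) and lists the client IPs whose POSTs to wp-login.php have repeatedly been rejected with 403 by rules like the ones above, so they can be reviewed for a firewall block. The log layout regex, the sample lines and the threshold are assumptions.

```python
import re
from collections import Counter

# Apache "combined" log format; the layout assumed by this regex is an assumption.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample lines (documentation IP ranges, not a real log).
SAMPLE_LOG = """\
203.0.113.9 - - [15/Apr/2013:10:01:02 -0500] "POST /wp-login.php HTTP/1.1" 403 292 "-" "Mozilla/5.0"
203.0.113.9 - - [15/Apr/2013:10:01:03 -0500] "POST /wp-login.php HTTP/1.1" 403 292 "-" "Mozilla/5.0"
203.0.113.9 - - [15/Apr/2013:10:01:04 -0500] "POST /wp-login.php HTTP/1.1" 403 292 "-" "Mozilla/5.0"
198.51.100.7 - - [15/Apr/2013:10:02:10 -0500] "POST /wp-login.php HTTP/1.1" 403 292 "-" "curl/7.29"
123.123.123.123 - - [15/Apr/2013:10:03:00 -0500] "POST /wp-login.php HTTP/1.1" 302 0 "https://example.com/wp-login.php" "Mozilla/5.0"
203.0.113.9 - - [15/Apr/2013:10:04:00 -0500] "GET /blog/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
this line is garbage and should be skipped
"""


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def denied_login_posts(log_text):
    """Count, per client IP, the POSTs to wp-login.php that were rejected with 403."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # unparsable line: skip rather than guess
        path = rec["path"].split("?")[0]  # ignore any query string
        if rec["method"] == "POST" and path.endswith("wp-login.php") and rec["status"] == "403":
            counts[rec["ip"]] += 1
    return counts


def firewall_candidates(log_text, threshold=3):
    """IPs with at least `threshold` denied login POSTs: review these for a server firewall block."""
    return sorted(ip for ip, n in denied_login_posts(log_text).items() if n >= threshold)


if __name__ == "__main__":
    for ip in firewall_candidates(SAMPLE_LOG):
        print(ip)
```

The allowed IP that logged in successfully (302) never appears in the counts; only rejected POSTs are tallied, so a single stray 403 stays below the threshold.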

    @jan, no problem at all. I’ll keep it to just text help going forward :)

    @jan my apologies, I wasn’t trying to spam, if you read through the link it’s just trying to provide help for people having these issues. I had built my guide off of the reference material I had seen floating around a lot of places regarding this recent attack.

    Most of our customers were struggling following the Codex and other technical guides, so I just thought others might also benefit from the easy steps with screenshots and whatnot.

    I’ll go ahead and stop linking to it, as most people right now are just coming to it from Google searches, but figured people directly searching here might benefit as well.

    Sorry again.

    – Jacob

    I’m not sure if you guys are aware, but there has actually been a recent large scale WordPress login brute force attack going on.

    [ Copy deleted. Please stop spamming the forums with your links. ]
