Yakezie.com - Topic: Preventing Wordpress Hackers

Eric - PersonalProfitability.com on Preventing Wordpress Hackers

Wed, 11 Sep 2013 07:45:24 +0000

I have Wordfence on my most important sites (big server resource hog, so not all sites) and WP Firewall. The combination is pretty solid at keeping the bad guys out. There are lots of hacks that don't require using wp-login.

Anton Ivanov on Preventing Wordpress Hackers

Mon, 09 Sep 2013 21:28:45 +0000

I would highly recommend the Better WP Security plugin. Once you set it up, it's the most full-proof WP protection I've seen. For example for log-ins into the admin panel, it actually renames and redirects the default WP log-in path to whatever you want to to prevent simple brute force attacks. You can also set a limit on incorrect log-in attempts, block certain users from accessing your site altogether, etc., etc.

Hope it helps you out!

Financial Independence on Preventing Wordpress Hackers

Mon, 09 Sep 2013 06:00:08 +0000

I've had /wp-admin/ locked down for a few weeks and haven't noticed any ill effects. I'll definitely keep an eye out for your post though, it's a fine line between securing your site and going overboard and potentially effecting usability.

debtroundup on Preventing Wordpress Hackers

Sun, 08 Sep 2013 09:42:55 +0000

I have a post going up on Modest Money this wednesday about protecting your site. You shouldn't ever try to prevent access to wp-admin because there are many plugins that use it. You should always lock down wp-login.php. Nice work!

Financial Independence on Preventing Wordpress Hackers

Sun, 08 Sep 2013 06:05:05 +0000

Actually, just to update I figured out what my issue was. Hopefully this can help others as well so I thought I'd share my solution.

It turns out that the hackers weren't trying to access my admin area using /wp-admin/ but by simply using /wp-login.php

Using this tutorial I locked down my wp-login file and the bad requests stopped instantly.

Financial Independence on Preventing Wordpress Hackers

Sun, 08 Sep 2013 05:32:02 +0000

I have a wordpress plugin which automatically blocks IP addresses trying to log into my admin panel after a number of incorrect password attempts. I have noticed that I have started recieving regular notifications of this happening, so I locked my /wp-admin/ directory using 'Password Protect Directories' in CPanel.

This doesn't seem to have stopped the login attempts, they are somehow still getting to my login page. Has anyone seen this before and can they give me any tips?