Alarming rate of blocked malicious attempts

[Chancer]

Over the night 2 of my sites acquired 200+ blocked malicious attempts.
This is getting me worried…
Is there anything i can do to prevent people from trying to brute-force their way in?

(both sites are WordPress and currently i have Akismet and JetPack installed on them)


The block counters are raising before my eyes :help:

 

[imnathanjames]

Have you got wordfence installed?

I use it. it is really good.
I have a tshirt site and everyman and his dog seem to want to get inside it.

 

[Chancer]

Thank you for the suggestion. I installed it now, hopefully it'll work as is. Otherwise i'll buy the premium version and block all IPs except my own

 

[Ron Killian]

I agree, wordfence can be very helpful.

As far as blocking IP's you want to be careful, you could block legit IP's and lose traffic and/or sales. Well, sure you know that.

Another thing, if you notice they are trying to log in with certain user names, you can set wordfence to automatically block any one (or bot) that tries to login with that user name. That has helped me. Like amin, (long as you are not using admin, which you shouldn't), and they usually try the domain name as a username or variations of it.

I also think you can block when they try to access a given url, but that should only be for url's that are not valid.

Wordfence has a firewall too, might be good for you in this instance, but I don't know that much about it.

Akismet is only for comment spam, and not really the best. But it helps.

 

[imnathanjames]

let us know how you get on.
At first it can be alarming because they email you about anyone trying to get in. You get used to it tho.
The wordfence team do a lot of research and background work keeping it all going and investigating potential viruses and threats. They also work together with plugin providers to identify any potential risks.

Hope it helps mate.

 

[vishwa]

Getting a security plugin is surely help you fight against spam and hacking attempts. I highly recommend to use Wordfence. If possible use Askimet and also use captcha on your login and registrations pages. Monitor your traffic and block any ip that you find suspected. You can block ip using Wordfence and it is also available on free version.

 

[Chancer]

Thank you all, wordfence seems to be working and hackers seem to have given up

By the way, is there any possibility that some servers (depending on the webhost) are attacked more often/more susceptible to attacks?
I'm asking because i'm looking at some cheaper hosts to create a PBN.

 

[EpicGlobalWeb]

Over the night 2 of my sites acquired 200+ blocked malicious attempts.
This is getting me worried…
Is there anything i can do to prevent people from trying to brute-force their way in?

(both sites are WordPress and currently i have Akismet and JetPack installed on them)


The block counters are raising before my eyes :help:

Before I answer this question, how are they being blocked? Are their IP's getting blocked or are they trying to log into something? If this is an urgent security matter, please PM me and I'll fix it if it's a DDoS or Database breech issue pro-bono.