Limit Login Attepts

[Zaino]

What if anything do you all do about attempted hacking of your wordpress sites? I have 1 site in particular that gets hundreds of login attempts every week. Its all admin cracking attempts though so im not terribly worried, it just pisses me off knowing its happening.

 

[LiamGallagher]

Just use a plugin to avoid possible complications in the future.
On average, I get between 7 and 10 IP blocks per day. Don't know what they're trying but it's better not to risk. I use this plugin

WordPress › Limit Login Attempts « WordPress Plugins

 

[Zaino]

Yes that is the plugin I am using. I am receiving tons of notification via email. Someone had mentioned in a nother thread soemwhere that IP blocking isnt really going to stop anyone. Would it stop anyone from here? No way lol.

I was more curious if everyone experiences this or what steps to avoid it all together?

 

[(O_o)]

Nothing will stop someone who is determined enough to get in.

Auto blocking IPs after X attempts will block most automated scripts and dummies on /wp-admin/. Wont stop someone with a huge botnet and w WP cracking script.
Renaming /wp-admin/ to something else will stop all autocracking/bruteforce scripts
Deleting user Admin and making the Admin username something else besides Admin

If you want to get more hardcore than that, you can restrict the wp-admin access to your IP only and that should stop anything.

Then you have weak plugins that could always get hacked so thats another way in.

I've slowly been migrating away from WP for anything that needs to be 'secure' and is going to be getting a lot of traffic/be important. GL.

 

[igl00]

Just use a plugin to avoid possible complications in the future.
On average, I get between 7 and 10 IP blocks per day. Don't know what they're trying but it's better not to risk. I use this plugin

WordPress › Limit Login Attempts « WordPress Plugins

that!

 

[LiamGallagher]

Nothing will stop someone who is determined enough to get in.

Auto blocking IPs after X attempts will block most automated scripts and dummies on /wp-admin/. Wont stop someone with a huge botnet and w WP cracking script.
Renaming /wp-admin/ to something else will stop all autocracking/bruteforce scripts
Deleting user Admin and making the Admin username something else besides Admin

If you want to get more hardcore than that, you can restrict the wp-admin access to your IP only and that should stop anything.

Then you have weak plugins that could always get hacked so thats another way in.

I've slowly been migrating away from WP for anything that needs to be 'secure' and is going to be getting a lot of traffic/be important. GL.

What CMS are you migrating to? It's a pain to manage 10+ sites when all of them are under attack every single day.

 

[(O_o)]

What CMS are you migrating to? It's a pain to manage 10+ sites when all of them are under attack every single day.

100% all custom self made. HTML5, css, php, sql.

 

[Zaino]

update lulz