About human attack on website

  • Question
    Anonymous

    Hi all,

    Recently my websites have been heavily attacked by humans, about 50~70 attacks on each website. They tried to log in to my websites but all of them failed. But there is a lot of work for me to do.

    I have about 40 websites running on the Internet. I have to run “run whois” to block their networks.

    Is there a method to stop them visiting my websites? Please advise. Thanks in advance.

    Regards

    Are you running your own server? Do you have Fail2Ban installed?

    Thanks for your advice.

    No.

    My websites are hosted on a HostGator server. I’m not allowed to install software on their server.

    Regards

    Ideally your host should stop attacks before they reach you, but not all hosts are the same.

    What you can do is either (or both):

    1. Install a security layer further out – i.e. on a CDN – e.g. Cloudflare, other CDNs are available

    2. Install a security plugin on your WP install, perhaps with a Web Application Firewall (WAF) built in – there are many available

    Hi Allan,

    Thanks for your advice.

    I have the following plugins installed on all my websites:
    Limit Login Attempts
    Wordfence Security
    WP Cerber Security, Anti-spam & Malware Scan

    The attackers are working in a group, trying to log in to my websites, but all failed. I have strong passwords. “Wordfence Security” informs me of their attacks. I have to block their network with “Run WHOIS”. It is quite annoying. The attackers work in a group of about 50~70 humans and I have 40 websites running on the Internet.

    Could you please explain in more detail re “1. install a security layer further out – i.e. on a CDN…..”? Thanks

    Regards

    Personally I wouldn’t bother blocking only a small attack like that. Wordfence will be blocking in the WAF; manually adding the IPs is fairly pointless as they will move to other IPs.

    Strong passwords are key. Humans trying to break a strong password will never happen; you need to make billions of attempts.

    9 random characters need more than 5,000,000,000,000 attempts

    Hi Allan,

    Thanks for your advice.

    I’ll take your advice, just ignoring them. I have a strong password and an out-of-imagination username in combination.

    Firstly, consider using a reliable security plugin like Wordfence or Sucuri Security to monitor and protect your websites. These plugins offer features like firewall protection, login attempt monitoring, and IP blocking.

    Additionally, you can limit login attempts and enforce strong passwords for all users. Implementing two-factor authentication (2FA) can add an extra layer of security. Regularly update all themes, plugins, and your WordPress version to patch any known vulnerabilities.

    Lastly, consider working with your hosting provider to block malicious IPs at the server level for a more comprehensive defense. Stay vigilant and keep monitoring your website’s security to stay ahead of potential threats.

    Hi bbast2,

    Thanks for your advice.

    I’ll install two-factor authentication (2FA) following the link below.

    How to Add Two-Factor Authentication in WordPress (Free Method)
    https://www.wpbeginner.com/plugins/how-to-add-two-factor-authentication-for-wordpress/#add-2fa-in-wordpress

    Fortunately, up to now the attackers have failed to log in to my websites, but it is just annoying.

    Regards

    Hi all,

    Just set up “two-factor authentication (2FA)”. Perhaps I made a mistake in the configuration. The one-time password doesn’t come.

    From the cPanel of my hosting company I can log in to the website but am unable to change any item. It always pops up asking to enter the one-time password. I need to delete the plugin and start again. Please help. Thanks

    Regards
