Wordpress login security?

lezinterracial · 2013-04-06, 07:58 PM

I have been getting alot of attempts at wp-login.php for blackonwhitelesbian.com. I have just been denying the ips in htaccess.

Is their a captcha plugin or something similar that you suggest?

Apologize for the noob question, but what are they trying to do? Just add backlinks or takeover the site?

Cleo · 2013-04-06, 09:31 PM

I remember seeing someone posting about a plug-in that would disable IPs after a certain amount of attempts.

Personally I just use really strong user names and passwords. It's not just my WP installs that have constant attempts it's all my scripts login pages. It's even my home network which lately seems to be under attack from Korea.

lezinterracial · 2013-04-07, 01:30 AM

Quote:

Originally Posted by Cleo

I remember seeing someone posting about a plug-in that would disable IPs after a certain amount of attempts.

Personally I just use really strong user names and passwords. It's not just my WP installs that have constant attempts it's all my scripts login pages. It's even my home network which lately seems to be under attack from Korea.

Yea, I got somebody from Berlin and I got a bot that hits from 5 different IPs every so often.

Probably gonna make my passwords a little longer.

I hope the North Koreans aren't targeting Cleo's Links.

housekeeper · 2013-04-08, 10:58 PM

I've just started using Better WP Security and I like it a lot, bans users temporarily for a myriad of different techniques people use to compromise your site.

I've also got Bullet Proof installed on a couple of sites, also good.

The nice thing about Better WP is you can choose your level of security, some tweaks require a more significant server load than others, but I've been quite happy with it since I've installed it.

lezinterracial · 2013-04-09, 04:48 PM

Quote:

Originally Posted by housekeeper

I've just started using Better WP Security and I like it a lot, bans users temporarily for a myriad of different techniques people use to compromise your site.

I've also got Bullet Proof installed on a couple of sites, also good.

The nice thing about Better WP is you can choose your level of security, some tweaks require a more significant server load than others, but I've been quite happy with it since I've installed it.

Thanks Housekeeper. I am gonna look into it.

I was just getting tired of seeing those attempted logins. I just renamed my wp-login for a while. Next time I want to login I will rename it back to wp-login. They are still hitting wp-login, even though it isn't there.

dreadbandit · 2013-04-09, 05:32 PM

Maybee "just add backlinks" AND "takeover the site" ?

anyway what I'd do for sure is having a freaking long password (my favourite are long sentences with mixed in characters)... anything above 30 characters makes me feel all right and safe

there was a release of funny md5 hash decoder which simply check out if that hash is already on the net. So you know... rememberingAboutPassKeepsMy$$$Safe666,

DonX · 2013-04-12, 09:58 AM

Yeah, I've been having that same issue. Might have to give that plugin Housekeeper recommended a shot.

ArtWilliams · 2013-04-12, 04:49 PM

(Ooops! I see that you're doing what I suggested below. Sorry.)

Here is what I suggest. Add the following text to your .htaccess file:

<Files ~ "^wp-login.php">
Order deny,allow
Deny from all

Allow from x.x.x.x
</Files>

You will need to replace x.x.x.x with your current IP address.

Not sure what your current IP is? Go to Google.com and type "what is my ip?" No one will be able to login to your WP account except from your IP.

Cleo · 2013-04-12, 06:28 PM

Brute Force Attacks Build WordPress Botnet

lezinterracial · 2013-04-13, 02:35 AM

Quote:

Originally Posted by artwilliams

(Ooops! I see that you're doing what I suggested below. Sorry.)

Here is what I suggest. Add the following text to your .htaccess file:

<Files ~ "^wp-login.php">
Order deny,allow
Deny from all

Allow from x.x.x.x
</Files>

You will need to replace x.x.x.x with your current IP address.

Not sure what your current IP is? Go to Google.com and type "what is my ip?" No one will be able to login to your WP account except from your IP.

I tried something like that before. But I didn't get it to work. Must have been a typo or something. But I may try it again. Thanks.

housekeeper · 2013-04-15, 04:34 PM

I'm seeing largely 'too many attempts to open a file that does not exist' which is getting blocked by WP security, and some 'bad login attempts'. But the brute force isn't as sophisticated or intense as what is run on paysites, so far.

2013-04-06, 07:58 PM	#1
lezinterracial Well you know boys, a nuclear reactor is a lot like women. You just have to read the manual and press the right button Join Date: Dec 2012 Posts: 152	Wordpress login security? I have been getting alot of attempts at wp-login.php for blackonwhitelesbian.com. I have just been denying the ips in htaccess. Is their a captcha plugin or something similar that you suggest? Apologize for the noob question, but what are they trying to do? Just add backlinks or takeover the site? __________________ www.lezinterracial.com Best Free Cam Girls Last edited by lezinterracial; 2013-04-06 at 08:02 PM..

2013-04-06, 09:31 PM	#2
Cleo Subversive filth of the hedonistic decadent West Join Date: Mar 2003 Location: Southeast Florida Posts: 27,936	I remember seeing someone posting about a plug-in that would disable IPs after a certain amount of attempts. Personally I just use really strong user names and passwords. It's not just my WP installs that have constant attempts it's all my scripts login pages. It's even my home network which lately seems to be under attack from Korea. __________________ Free Rides on Uber and Lyft Uber Car: uberTzTerri Lyft Car: TZ896289

2013-04-08, 10:58 PM	#4
housekeeper Oh! I haven't changed since high school and suddenly I am uncool Join Date: Sep 2009 Location: New York City Posts: 250	I've just started using Better WP Security and I like it a lot, bans users temporarily for a myriad of different techniques people use to compromise your site. I've also got Bullet Proof installed on a couple of sites, also good. The nice thing about Better WP is you can choose your level of security, some tweaks require a more significant server load than others, but I've been quite happy with it since I've installed it. __________________ Trans-Glam Productions photography - design - video production twitter

2013-04-09, 05:32 PM	#6
dreadbandit A woman is like beer. They look good, they smell good, and you'd step over your own mother just to get one! Join Date: Feb 2006 Location: nl Posts: 51	Maybee "just add backlinks" AND "takeover the site" ? anyway what I'd do for sure is having a freaking long password (my favourite are long sentences with mixed in characters)... anything above 30 characters makes me feel all right and safe there was a release of funny md5 hash decoder which simply check out if that hash is already on the net. So you know... rememberingAboutPassKeepsMy$$$Safe666, __________________ fuck... there's so much money to make! : ]

2013-04-12, 09:58 AM	#7
DonX No matter how good you are at something, there's always about a million people better than you Join Date: Jun 2004 Location: San Jose, California Posts: 234	Yeah, I've been having that same issue. Might have to give that plugin Housekeeper recommended a shot. __________________ Monkey Spanking Cash New Galleries Added Monday thru Friday

2013-04-12, 04:49 PM	#8
ArtWilliams You can now put whatever you want in this space :) Join Date: Sep 2004 Location: Toronto, Canada Posts: 6,244	(Ooops! I see that you're doing what I suggested below. Sorry.) Here is what I suggest. Add the following text to your .htaccess file: <Files ~ "^wp-login.php"> Order deny,allow Deny from all Allow from x.x.x.x </Files> You will need to replace x.x.x.x with your current IP address. Not sure what your current IP is? Go to Google.com and type "what is my ip?" No one will be able to login to your WP account except from your IP. Last edited by ArtWilliams; 2013-04-12 at 05:12 PM..

2013-04-12, 06:28 PM	#9
Cleo Subversive filth of the hedonistic decadent West Join Date: Mar 2003 Location: Southeast Florida Posts: 27,936	Brute Force Attacks Build WordPress Botnet __________________ Free Rides on Uber and Lyft Uber Car: uberTzTerri Lyft Car: TZ896289

2013-04-15, 04:34 PM	#11
housekeeper Oh! I haven't changed since high school and suddenly I am uncool Join Date: Sep 2009 Location: New York City Posts: 250	I'm seeing largely 'too many attempts to open a file that does not exist' which is getting blocked by WP security, and some 'bad login attempts'. But the brute force isn't as sophisticated or intense as what is run on paysites, so far. __________________ Trans-Glam Productions photography - design - video production twitter