|
2013-04-06, 07:58 PM | #1 |
Well you know boys, a nuclear reactor is a lot like women. You just have to read the manual and press the right button
Join Date: Dec 2012
Posts: 152
|
Wordpress login security?
I have been getting alot of attempts at wp-login.php for blackonwhitelesbian.com. I have just been denying the ips in htaccess.
Is their a captcha plugin or something similar that you suggest? Apologize for the noob question, but what are they trying to do? Just add backlinks or takeover the site? Last edited by lezinterracial; 2013-04-06 at 08:02 PM.. |
2013-04-06, 09:31 PM | #2 |
Subversive filth of the hedonistic decadent West
Join Date: Mar 2003
Location: Southeast Florida
Posts: 27,936
|
I remember seeing someone posting about a plug-in that would disable IPs after a certain amount of attempts.
Personally I just use really strong user names and passwords. It's not just my WP installs that have constant attempts it's all my scripts login pages. It's even my home network which lately seems to be under attack from Korea. |
2013-04-07, 01:30 AM | #3 | |
Well you know boys, a nuclear reactor is a lot like women. You just have to read the manual and press the right button
Join Date: Dec 2012
Posts: 152
|
Quote:
Probably gonna make my passwords a little longer. I hope the North Koreans aren't targeting Cleo's Links. |
|
2013-04-08, 10:58 PM | #4 |
Oh! I haven't changed since high school and suddenly I am uncool
|
I've just started using Better WP Security and I like it a lot, bans users temporarily for a myriad of different techniques people use to compromise your site.
I've also got Bullet Proof installed on a couple of sites, also good. The nice thing about Better WP is you can choose your level of security, some tweaks require a more significant server load than others, but I've been quite happy with it since I've installed it. |
2013-04-09, 04:48 PM | #5 | |
Well you know boys, a nuclear reactor is a lot like women. You just have to read the manual and press the right button
Join Date: Dec 2012
Posts: 152
|
Quote:
I was just getting tired of seeing those attempted logins. I just renamed my wp-login for a while. Next time I want to login I will rename it back to wp-login. They are still hitting wp-login, even though it isn't there. |
|
2013-04-09, 05:32 PM | #6 |
A woman is like beer. They look good, they smell good, and you'd step over your own mother just to get one!
|
Maybee "just add backlinks" AND "takeover the site" ? anyway what I'd do for sure is having a freaking long password (my favourite are long sentences with mixed in characters)... anything above 30 characters makes me feel all right and safe
there was a release of funny md5 hash decoder which simply check out if that hash is already on the net. So you know... rememberingAboutPassKeepsMy$$$Safe666,
__________________
fuck... there's so much money to make! : ] |
2013-04-12, 09:58 AM | #7 |
No matter how good you are at something, there's always about a million people better than you
|
Yeah, I've been having that same issue. Might have to give that plugin Housekeeper recommended a shot.
|
2013-04-12, 04:49 PM | #8 |
You can now put whatever you want in this space :)
|
(Ooops! I see that you're doing what I suggested below. Sorry.)
Here is what I suggest. Add the following text to your .htaccess file: <Files ~ "^wp-login.php"> Order deny,allow Deny from all Allow from x.x.x.x </Files> You will need to replace x.x.x.x with your current IP address. Not sure what your current IP is? Go to Google.com and type "what is my ip?" No one will be able to login to your WP account except from your IP. Last edited by ArtWilliams; 2013-04-12 at 05:12 PM.. |
2013-04-12, 06:28 PM | #9 |
Subversive filth of the hedonistic decadent West
Join Date: Mar 2003
Location: Southeast Florida
Posts: 27,936
|
|
2013-04-13, 02:35 AM | #10 | |
Well you know boys, a nuclear reactor is a lot like women. You just have to read the manual and press the right button
Join Date: Dec 2012
Posts: 152
|
Quote:
Last edited by lezinterracial; 2013-04-13 at 02:48 AM.. |
|
2013-04-15, 04:34 PM | #11 |
Oh! I haven't changed since high school and suddenly I am uncool
|
I'm seeing largely 'too many attempts to open a file that does not exist' which is getting blocked by WP security, and some 'bad login attempts'. But the brute force isn't as sophisticated or intense as what is run on paysites, so far.
|
|
|