Brute Force Entry

Wordpress

Brute Force Entry. Why are people doing this?
For myself, I have several websites under my supervision.
Well… supervision is maybe a big word for it.
As a volunteer I am doing the maintenance of a website for a foundation.
Next to that, I have two or three websites of my own that I maintain.

A few weeks ago, I suddenly started getting automated emails from the foundation website that people were trying to get into the admin page of the foundation.
After checking some log files, I found out that people were trying to get in by using the user admin and then just guessing the password.

I know now that this is some kind of bot that they let loose on the site to get in.
But why this website?
It belongs to a foundation, and they only use the website to publish some events they organise.
There is no special members' entry or login whatsoever.
But still, what to do about these “unwanted” visitors?

In this case too, the internet/Google is your best friend.
Because the website is built with WordPress, it is for some reason very interesting for others to try to get in.
This is mainly because many people who set up this kind of website leave the standard user “admin” as their user to get into the backend.
They also keep the standard folder path for the login page.

The first thing you should always do when setting up a WordPress site is to remove the user admin and create a new user with admin rights.
Also, never use a user name that is easy to guess, like the name of the website, company or organisation.
The same goes for the password.
Don’t use the website name, company name or organisation name as a password,
and also not the standard 123456 or abcdefg, etc.

Instead, use lowercase and capital letters combined with special characters and numbers.
Just mix them up.
The longer the password and the more character types it combines, the more difficult it will be to guess.
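
The username and password rules above can be turned into a small checker. The following is an added example written for this post, not code from the post or from any of the plugins mentioned: it flags the default `admin` account, passwords that contain the site or organisation name, the well-known weak values the post names (plus `password` and `qwerty`, which are my additions), runs of consecutive characters such as `123456` or `abcdefg`, missing character classes, and a minimum length of 12, which is an assumed policy value since the post only says "the longer the better". It also generates a password that passes all of those checks and estimates its guessing difficulty in bits.

```python
import math
import secrets
import string

# Character classes the post tells you to mix.
CLASSES = (
    ("lowercase", string.ascii_lowercase),
    ("uppercase", string.ascii_uppercase),
    ("digits", string.digits),
    ("special", string.punctuation),
)
ALL_CHARS = "".join(chars for _, chars in CLASSES)

# "123456" and "abcdefg" are the examples from the post; "password" and
# "qwerty" are my additions (a real deployment would load a much larger list).
COMMON_PASSWORDS = {"123456", "abcdefg", "password", "qwerty"}
MIN_LENGTH = 12  # assumed policy value; the post only says "the longer the better"


def classes_used(pw):
    """Names of the character classes that appear in pw."""
    return [name for name, chars in CLASSES if any(c in chars for c in pw)]


def has_sequence(s, run=4):
    """True if s contains `run` consecutive characters that step by +1 or -1,
    which catches 123456, abcdefg and their reversals."""
    codes = [ord(c) for c in s]
    for i in range(len(codes) - run + 1):
        steps = {b - a for a, b in zip(codes[i:i + run], codes[i + 1:i + run])}
        if steps in ({1}, {-1}):
            return True
    return False


def entropy_bits(pw):
    """Rough guessing-difficulty estimate: length * log2(pool size), where the
    pool is the union of the character classes actually used."""
    used = classes_used(pw)
    pool = sum(len(chars) for name, chars in CLASSES if name in used)
    return len(pw) * math.log2(pool) if pool else 0.0


def check_username(name, site_words):
    """List of reasons the user name breaks the post's advice; empty means OK."""
    problems = []
    if name.lower() == "admin":
        problems.append("uses the default 'admin' account")
    for word in site_words:
        if word.lower() in name.lower():
            problems.append(f"contains the site name {word!r}")
    return problems


def check_password(pw, site_words):
    """List of reasons the password breaks the post's advice; empty means OK."""
    problems = []
    low = pw.lower()
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if low in COMMON_PASSWORDS:
        problems.append("in the common-password list")
    for word in site_words:
        if word.lower() in low:
            problems.append(f"contains the site name {word!r}")
    if has_sequence(pw):
        problems.append("contains a run of consecutive characters")
    used = classes_used(pw)
    for name, _ in CLASSES:
        if name not in used:
            problems.append(f"no {name} characters")
    return problems


def generate_password(length=16):
    """Random password with every class present and none of the problems above."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    rng = secrets.SystemRandom()
    while True:
        chars = [secrets.choice(cls) for _, cls in CLASSES]  # one of each class
        chars += [secrets.choice(ALL_CHARS) for _ in range(length - len(chars))]
        rng.shuffle(chars)  # shuffle so the class order is not predictable
        pw = "".join(chars)
        if not check_password(pw, []):  # retry if a chance sequence slipped in
            return pw


if __name__ == "__main__":
    site = ["foundation"]  # constructed site name for the demo
    print(check_username("admin", site))
    print(check_password("Foundation2019!", site))
    pw = generate_password()
    print(pw, round(entropy_bits(pw)), "bits")
```

The entropy figure is only a ceiling: it assumes every character was drawn uniformly from the pool, which is true for `generate_password` but not for a password a human picked, which is exactly why the checker also looks for site names and sequences.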

Also install some extra plugins.
Like Limit Login Attempts.
Another good one is iThemes Security in combination with Simple IP BAN.

Normally iThemes Security should be enough.
In there you can register and save the IP addresses of people who tried several times to get into your backend.
But I found out that even when an IP address was in the blacklist, they could still try again later.
The IP address was not banned.
That’s why for the foundation I also used Simple IP BAN.

Just put the IP address you want to ban in the blacklist and save.
You will not see any attempts from that IP address anymore.
You can also put an IP address range in there, because sometimes you see the next IP address in line also trying to get entry.
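
What the plugins do can be reproduced by hand from the web server's own log, which is useful when you want to check their verdicts or when the plugin's blacklist did not actually stop an address. The example below is added here and is not code from the post or from either plugin. It reads constructed Apache "combined" log lines, counts `POST /wp-login.php` requests per client, applies a limit of failed attempts (5 is an assumed value, like the plugin's setting), and builds a ban list in which several offending hosts from the same /24 collapse into one range entry, as the post describes doing manually. One assumption not stated on the page: a failed WordPress login re-renders the form with status 200, while a successful one redirects with 302, so only 200 responses are counted as failures.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Apache "combined" log line; only the fields the analysis needs are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

FAIL_LIMIT = 5  # assumed value, comparable to a "limit login attempts" setting


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def count_failed_logins(log_text):
    """Failed login attempts per client IP.

    Assumption (not from the post): a successful WordPress login answers the
    POST to wp-login.php with a 302 redirect, a failed one re-renders the form
    with status 200, so POST + 200 is counted as a failure."""
    failed = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if (rec["method"] == "POST"
                and rec["path"].split("?")[0] == "/wp-login.php"
                and rec["status"] == 200):
            failed[rec["ip"]] += 1
    return failed


def ips_over_limit(failed, limit=FAIL_LIMIT):
    """Clients whose failed-attempt count reached the limit."""
    return sorted(ip for ip, n in failed.items() if n >= limit)


def ban_list(ips, min_hosts_for_range=2):
    """Ban entries for the blacklist: when several offending hosts sit in the
    same /24, the whole /24 is listed instead of the individual addresses."""
    by_net = defaultdict(list)
    for ip in ips:
        net = ipaddress.ip_network(f"{ip}/24", strict=False)
        by_net[net].append(ip)
    entries = []
    for net, hosts in by_net.items():
        if len(hosts) >= min_hosts_for_range:
            entries.append(str(net))
        else:
            entries.extend(hosts)
    return sorted(entries)


def _line(ip, method, path, status):
    # Constructed log line in Apache combined format; the addresses are from
    # the RFC 5737 documentation ranges, not real clients.
    return (f'{ip} - - [01/May/2019:10:00:00 +0200] "{method} {path} HTTP/1.1" '
            f'{status} 3250 "-" "Mozilla/5.0"')


# Constructed sample: two bots in one /24, one curious client below the limit,
# and one legitimate login that redirected.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.10", "POST", "/wp-login.php", 200)] * 6
    + [_line("203.0.113.11", "POST", "/wp-login.php", 200)] * 5
    + [_line("198.51.100.7", "GET", "/wp-login.php", 200)]
    + [_line("198.51.100.7", "POST", "/wp-login.php", 200)] * 2
    + [_line("192.0.2.5", "POST", "/wp-login.php", 302)]
)


if __name__ == "__main__":
    failed = count_failed_logins(SAMPLE_LOG)
    offenders = ips_over_limit(failed)
    print("failed attempts:", dict(failed))
    print("over limit:", offenders)
    print("ban list:", ban_list(offenders))
```

Run against a real log with `count_failed_logins(open("access.log").read())`; the same per-IP count is the quickest way to confirm, as the post says, that a banned address really has stopped appearing.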

In iThemes Security there is a logfile.
This keeps track of all the IP addresses and users that had a failed login attempt.
When you click on an IP address in the logfile, an IP tracker website shows you the owner of the IP address.
In that list you can also find an abuse email address.
The first week I tried to send emails to those addresses, but never got any reply.
So I gave up on it.
Now I just block the IP address or range that I get from the website.

You can see that this works, because you will not find the IP address in the logfiles anymore.
So if you have the same kind of problem, just give the two plugins a try.
After installing, you need to play with the settings a bit to see what works for you.

Good Luck.

 
