WordPress can be a terrific website platform. However, its popularity and its open source nature make it a favorite target for attackers. Two real-time defenses:
- WordPress Simple Firewall plugin: detects bad behavior by comment spammers and blacklisted clients, and detects brute-force password-cracking attempts.
- http:BL WordPress plugin: redirects visitors who are on a public dynamic blacklist to a honeypot page, which is seeded with unique email addresses that can give away spammers.
One plugin that logs malicious activity:
- SEO Redirection plugin: logs 404 (page not found) errors. Reviewing the log file allows an administrator to block future access from IP addresses that attempted to discover cracks in his or her firewall or execute administrative PHP scripts. Caveat: Use care to ensure that you don’t mistakenly block search engines’ spiders and other legitimate robots. (I’d erroneously blocked three IP addresses that are used by the GoogleBot spiders. That explains why the website suddenly disappeared from Google’s search results. D’oh!)
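An added example (not from the original post or from the plugin) of a check to run before blocking addresses found in a 404 log: confirm with forward-confirmed reverse DNS that none of them is a genuine search-engine crawler. The `ip,path` log format, the sample addresses, paths and hostnames are constructed assumptions; the plugin's real log layout may differ.

```python
import socket
from collections import Counter

# Reverse-DNS domains Google documents for Googlebot verification.
CRAWLER_SUFFIXES = (".googlebot.com", ".google.com")

def dns_reverse(ip):
    """PTR lookup; returns the hostname or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def dns_forward(host):
    """Forward lookup; returns the list of IPv4 addresses for host."""
    try:
        return socket.gethostbyname_ex(host)[2]
    except OSError:
        return []

def is_verified_crawler(ip, reverse=dns_reverse, forward=dns_forward):
    """Forward-confirmed reverse DNS. The PTR name must sit in a crawler
    domain AND resolve back to the same IP, because whoever controls an
    address block can publish any PTR name they like."""
    host = (reverse(ip) or "").lower().rstrip(".")
    return host.endswith(CRAWLER_SUFFIXES) and ip in forward(host)

def block_candidates(lines, threshold=3, reverse=dns_reverse, forward=dns_forward):
    """IPs with at least `threshold` 404s, excluding verified crawlers."""
    hits = Counter(l.split(",", 1)[0].strip() for l in lines if l.strip())
    return sorted(ip for ip, n in hits.items()
                  if n >= threshold and not is_verified_crawler(ip, reverse, forward))

# Constructed sample data: documentation-range IPs, hypothetical paths/names.
SAMPLE_LOG = (["192.0.2.10,/old-post-%d" % i for i in range(3)]      # real crawler
              + ["198.51.100.7,/probe-%d.php" % i for i in range(3)]  # no PTR
              + ["203.0.113.5,/probe-%d.php" % i for i in range(3)]   # forged PTR
              + ["198.51.100.20,/typo-page"])                         # one-off visitor
SAMPLE_PTR = {"192.0.2.10": "crawl-192-0-2-10.googlebot.com",
              "203.0.113.5": "crawl-203-0-113-5.googlebot.com"}
SAMPLE_A = {"crawl-192-0-2-10.googlebot.com": ["192.0.2.10"]}

def sample_forward(host):
    return SAMPLE_A.get(host, [])

if __name__ == "__main__":
    print(block_candidates(SAMPLE_LOG, 3, SAMPLE_PTR.get, sample_forward))
```

Called without the stub resolvers, `block_candidates` performs live DNS lookups, so run it from a host that can resolve PTR records.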
I use and recommend all three of these WordPress plugins on self-hosted WordPress installations. They work. I’m amazed by the persistence of attackers on my WordPress sites. (Most attacks originate from Russia, Ukraine, China, Netherlands, Germany.)
© Russ Bellew · Fort Lauderdale, Florida, USA · phone 954 873-4695