Tell HN: Bots are Constantly trying to hack your Wordpress Sites

5 points by ChrisNorstrom ↗ HN
I installed the Better Wordpress Security plugin on all 4 of my wordpress powered sites because I was worried about hackers.

If anyone tries to login as the admin 3 times and fails they are IP banned permanently and I get an email of the IP address that tried it.

Within 2 days I started getting 2-4 emails a week per site and today I found this:

http://minus.com/lijJOdsVe8UD9

That's 149 IPs banned in a 24 hour period. My main blog got hit apparently by a cluster of hacker bots. If you run wordpress sites immediately install a login limiter or all-in-one security plugin like Better Wordpress Security:

http://wordpress.org/extend/plugins/better-wp-security/

You'll be amazed to see how many bots are trying to get into your cp.

6 comments

[ 18.1 ms ] story [ 291 ms ] thread
(comment deleted)
Just use a good long password. It would take a lifetime to crack a 10 digit password without words.
I manage an entirely node.js http server and note these pests snooping for various logins and what-not. I created a page that targets them that basically streams forever, so the connection has to be ended on their end.

I manage a gist to track which of them manage to stay connected the longest: https://gist.github.com/scryptonite/5324724/raw/log.md

It's true. Ever since I installed that, I've been amazed at the number of lockouts on all of our client sites.
Thanks for the tip.

I added a security plugin last week. Since then, I've received one or two lockout emails per day. This morning I had 25.