Keeping out the bad guys

Having installed the Counterize plugin on a number of sites, I observed that over 70% of hits were coming from a few automated hacker-bots seeking vulnerabilities. This was overburdening the server. If you were looking at your traffic reports and marveled at how many hits you were getting from China and Ukraine, now you know why.

Bots can attack a site looking for susceptible plugins and unprotected logins. Some pound away at the site with hundreds of requests, several per second, for minutes on end. These forays slow down the server and can sometimes cause it to exceed its memory allocation and restart, causing downtime.

Successful assaults can leave your site under the control of the attackers. They can then use your site and its mail service to attack other sites and bring those under control too. Ultimately these “botnets” can be marshaled to launch distributed denial-of-service (DDoS) attacks that take down major servers and networks.

Successful hacks can also result in all your traffic being redirected to unsavory porn and gambling sites.

These efforts serve two purposes: to protect the site from being hacked and spammed, and to prevent server overload. I’ll deal with the specifics of the second issue in another article.

To start, all instances of malicious code and vulnerable plugins must be removed. In the case of one client who came to me with a site that had already been infected, it was a vulnerability in a feature called TimThumb.

To protect against further hacking attempts, security measures were installed to block known bad IP addresses, and to monitor for and block suspicious behaviour, known malicious code and spam.

To these ends I now install a number of plugins on all WordPress sites:
Counterize: This handy tool lets me see which computers (identified by their IP addresses) have visited the site. Suspicious behaviour, such as too many hits from one address in a day, warrants further investigation; a visit to an IP lookup site will tell you whether an address is blacklisted. Bad actors’ IPs are added to a list of addresses specifically banned from the site. Counterize can also track countries of origin, browser used, keywords searched, and even an individual visitor’s progress through the site, which is useful information when optimizing traffic flow. I usually leave these additional features turned off to avoid the extra processing load.
Bad Behavior: Screens incoming requests for telltale signs of spam and blocks them. In many cases the hackers are prevented even from viewing your site.
Bulletproof Security: BPS looks for . BPS also inserts filters for known malicious requests into the .htaccess file, as well as a list of known bad IPs to block. That’s where I put the IPs I flag from the traffic review above.
Captcha: Those little tests you have to pass to log in or leave a comment, designed to keep the bots out.

And one more basic thing, just to be safe: never use the default username “admin” on your site. That’s the one every brute-force login attack tries first. And of course follow the usual guidelines for creating passwords: more than 8 characters (longer is better), a mix of capitals, lower case, numbers and symbols, and never a word that can be found in a dictionary.

One of the keys to keeping a WordPress site resistant to incursions is to keep the theme, all the plugins and WordPress itself up to date.

I would advise all users to visit their sites periodically and check the dashboard for update notifications. A couple of clicks closes the holes those updates fix. Or better yet, use something like Advanced Auto Updater to keep them current.

And finally, just in case an update causes a conflict that breaks your site, or worse, your security measures fail to prevent an attack and your site is compromised, always keep multiple backups. Back up your site files and database regularly, and keep copies in more than one location. I use UpdraftPlus, which allows you to back up to a location on the host server and/or to the cloud. I also like to download a copy to my computer, just to be safe.

Good luck!
