Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5

The first attacks to my website

I installed WordFence, and I'm so glad I did! I also followed some advice on how to secure my website. It's really time well spent!

I still have almost no visits to the website, but suddenly, 2 days ago, I got hundreds of visits. Most of them were to my login page. Wordfence blocked many IP's. Interestingly enough most of them are from Russia and Ukraine. I don't get the interest these countries might have in my courses in Spanish. LOL.

I'm pretty confident my web is secure (I followed every advised action I found around). But, just in case, should I take any additional step? Or just do nothing?
[-] The following 1 user Likes pepedeticher's post:
  • Genesis
When I installed a wordpress it ask me if I want to install Loginizer security.  Free version is good enough for stopping bruce force attacks. It advising you to set file permission to 0444 for wp-config. php and .htaccess.  So if you haven't already done so make sure you set those permission with or without this plugin.  Just go to your cpanel file manager or through ftp software on your pc.

Cloudflare is another one you can get free SSL, so you can either drop Let's Encrypt and use cloudflare or you can make them work side by side (many tutorials on google).  Cloudflare is built to be anti-brute force attacks.

One cool feature of cloudflare I found out recently while reading view source on one of my website is that they encrypt your emails, say you have email: in your code, then cloudflare will somehow encrypt that so it looks normal when you visit the website but the code is different it looks like
email: <a href="/cdn-cgi/l/email-protection" class="__cf_email__" data-cfemail="8beaeff9e2eae5edfee7ffe4e5eceae7e7eef9e2eef8cbece6eae2e7a5e8e4e6">[email protected]</a>

Was checking out wordfence and I may give it a try, seems like a good plugin I like their 2FA feature.
[-] The following 1 user Likes GndZ3r0's post:
  • pepedeticher
I am not an expert, but one tip for you.
Go to securityheaders site & do a test.
To help you,  get HTTP Headers plugin for fix it easily.
[-] The following 2 users Like daya143's post:
  • GndZ3r0, pepedeticher
for your security ,
You shoud add an extra security layer to your website with hosting your dns address to an Anti DDos service providers like cloudflare.
it has also an option wich called : "I'm Under Attack".
this service check your website compeletely first to identify that you are not an attacker bot and after that gain you access to your website.

Users browsing this thread:
1 Guest(s)

The first attacks to my website459