

Tell HN: Bots are Constantly trying to hack your Wordpress Sites - ChrisNorstrom

I installed the Better Wordpress Security plugin on all 4 of my wordpress powered sites because I was worried about hackers.<p>If anyone tries to login as the admin 3 times and fails they are IP banned permanently and I get an email of the IP address that tried it.<p>Within 2 days I started getting 2-4 emails a week per site and today I found this:<p>http://minus.com/lijJOdsVe8UD9<p>That's 149 IPs banned in a 24 hour period. My main blog got hit apparently by a cluster of hacker bots. If you run wordpress sites immediately install a login limiter or all-in-one security plugin like Better Wordpress Security:<p>http://wordpress.org/extend/plugins/better-wp-security/<p>You'll be amazed to see how many bots are trying to get into your cp.
======
Scryptonite
I manage an entirely node.js http server and note these pests snooping for
various logins and what-not. I created a page that targets them that basically
streams forever, so the connection has to be ended on their end.

I manage a gist to track which of them manage to stay connected the longest:
<https://gist.github.com/scryptonite/5324724/raw/log.md>

------
mergy
Indeed. I have been very happy with Login Security Solution over the last few
months.

<http://wordpress.org/extend/plugins/login-security-solution/>

------
petitmiam
Thanks for the tip.

I added a security plugin last week. Since then, I've received one or two
lockout emails per day. This morning I had 25.

------
bradnickel
It's true. Ever since I installed that, I've been amazed at the number of
lockouts on all of our client sites.

------
t0
Just use a good long password. It would take a lifetime to crack a 10 digit
password without words.

