Jump to content

Welcome to Christian Writers!

We are a friendly community built around Christian writing, publishing, reading and fellowship. Register or sign in today to join in the fun!

Recommended Posts

The person who is helping me with my blog reported that it has been attacked. They have been trying unsuccessfully for several days, probably by some automatic kind of way (a script?), with 4,501 attempts over just a few days. Their efforts have been focused on the login, trying the simple ones ("admin" and "password1" kind of stuff) and some really weird ones. Fortunately, we have been a little more creative than that. 

 

Something to consider. She also set up a plugin that only allows a limited number of tries before shutting down the login for an hour. (At least my blog gets a little rest between attacks!) Fortunately for me, I'm working with a professional!

Share this post


Link to post
Share on other sites

So glad you have someone taking care of your site for you. You can also use sites like Cloudflare that offer security, which is what I use. Just thought I'd toss that in there in case anyone else is interested. :)

Share this post


Link to post
Share on other sites
35 minutes ago, carolinamtne said:

Something to consider. She also set up a plugin that only allows a limited number of tries before shutting down the login for an hour. (At least my blog gets a little rest between attacks!) Fortunately for me, I'm working with a professional!

 

Yes, this! Glad she set this up for you.

 

If the attacks are coming from a specific area (Russia or China, for example) that would bring little or no legitimate users to your blog, you might also consider blocking by geography. I find many of these type attacks come from areas overseas and this helps to restrict their access.

 

Another option is to change the URL of your login URL so bots can't find it in the first place.

  • Thanks 1

Share this post


Link to post
Share on other sites
2 hours ago, Rebecca said:

 

Another option is to change the URL of your login URL so bots can't find it in the first place. 

 

Curious, Bekka. How do you do that?

Share this post


Link to post
Share on other sites

I do recommend a password manager--I use LastPass--so that you can have a password that is both random and long enough to discourage anyone who does not have a geologic era to make attempts. Two-factor authentication is also good, if you can find a good plugin to implement it.

 

-Barry

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.