Are you running your own server? Do you have Fail2Ban installed?
Thanks for your advice.
No.
My websites are hosted on HostGator server. I’m not allowed to install software on their server.
Regards
Ideally your host should stop attacks before they reach you, but not all hosts are the same.
What you can do is either (or both):
1. Install a security layer further out – i.e. on a CDN – e.g. Cloudflare, other CDNs are available
2. Install a security plugin on your WP install, perhaps with a Web Application Firewall (WAF) built in – there are many available
Hi Allan,
Thanks for your advice.
I have the following plugins installed on all my websites:
Limit Login Attempts
Wordfence Security
WP Cerber Security, Anti-spam & Malware Scan
The attackers are working in a group, trying to log in to my websites, but all failed. I have strong passwords. “Wordfence Security” informs me of their attacks. I have to block their network with “Run WHOIS”. It is quite annoying. The attackers work in a group of about 50~70 humans and I have 40 websites running on the Internet.
Could you please explain in more detail re “1. install a security layer further out – i.e. on a CDN…..”? Thanks
Regards
Personally I wouldn't bother blocking only a small attack like that; Wordfence will be blocking in the WAF, and manually adding the IPs is fairly pointless as they will move to other IPs.
Strong passwords are key. Humans trying to break a strong password will never happen; you need to make billions of attempts.
9 random characters need more than 5,000,000,000,000 attempts
Hi Allan,
Thanks for your advice.
I’ll take your advice and just ignore them. I have a strong password and an out-of-imagination username in combination.
Hi bbast2,
Thanks for your advice.
I’ll install two-factor authentication (2FA) following the link below.
How to Add Two-Factor Authentication in WordPress (Free Method)
https://www.wpbeginner.com/plugins/how-to-add-two-factor-authentication-for-wordpress/#add-2fa-in-wordpress
Fortunately, up to now the attackers have failed to log in to my websites; it is just annoying.
Regards
Hi all,
Just set up “two-factor authentication (2FA)”. Perhaps I made a mistake in the configuration. The one-time password doesn’t come.
From the cPanel of my hosting company I can log in to the website but am unable to change any item. It always pops up asking to enter the one-time password. I need to delete the plugin and start again. Please help. Thanks
Regards
Hi all,
I have deleted the wp-2FA plugin via cPanel on the server of the hosting company. Now I can log in to the website without problem.
Please advise where I can find the tutorial to set up the wp-2FA plugin. I’ll try it another time.
Thanks
Hi bridgeitco,
Thanks for your advice.
I have installed “1on1 secure” on one of my websites for testing.
On the Dashboard:
1on1 Secure
[Get API Key]
What is it used for?
Do I need to create an API key? Thanks
Regards
Hi Allan,
Thanks for your advice and link.
I read that link before but can’t resolve the “API Key” and its use?
Regards
You should really ask them
https://ww.wp.xz.cn/support/plugin/1on1-secure/
But I think their readme is quite clear
Free 6-Month Renewable License
No Credit Card required
1on1 Secure is an anti-spam plugin which works with the premium Cloud Anti-Spam service 1on1Secure.com. This is a Serviceware plugin
The API key is clearly required to access the cloud service and needs to be manually reviewed every 6 months.