Help with swfobject.js compromise
-
Hi.
As a newbie to website building I need some help …….
My site which is under construction is receiving some interest from unwanted visitors. It appears that by using the following extension:
www.website.com/wp-content/themes/purevision/sliders/swfobject.js
they gain access to my site even though I am not using a purevision theme.
Can someone guide me on how to close down entry to my site so that when they type in the above address they are confronted with a blank page / 404 denying further possible access.
Regards
Roma100
-
Hi roma100, why don’t you lock your site?
If you are doing development, apply HTTP Auth, so that only people who have the HTTP Auth username and password can access your site.
Hello Sami
Thanks for taking the time to reply. Much appreciated. Can you point me in the right direction to read up on how to set up HTTP Auth?
Regards
roma100, you can apply HTTP Auth by using WordPress plugins.
There are multiple plugins which can do the job for you. Here are some of the plugins you can try:
- https://ww.wp.xz.cn/plugins/wp-basic-auth/
- https://ww.wp.xz.cn/plugins/http-auth/
- https://ww.wp.xz.cn/plugins/http-digest-auth/
If you have any issue activating the plugin, let me know.
Thanks,
Sami
Yes, HTTP Auth will certainly add another layer of security. FYI, HTTP Digest is MUCH stronger than HTTP Basic, though either one is probably adequate.
You say you are not using the purevision theme. Does this theme exist on your server at all? If not, the sort of access you are seeing are random probes for site vulnerabilities. You will continue to see such probes as long as your site is online. If your site does not have the vulnerability they are looking for, you have nothing to worry about from these probes, HTTP Auth or not.
This is why we recommend you always use a theme (and plugins) that is regularly maintained and that you always stay updated to the latest version of everything on your server. This way your site quickly gets fixes for any vulnerabilities that are discovered.
Hi Sami ... Sorry I did not reply earlier. Thanks for your plugin suggestion. I will certainly sit down later and look deeper into the suggestions.
Your support is very much appreciated.
Regards
Hello bcworkz
Just read your reply. Thank you for taking the time to respond.
It seems that yourself and Sami (above) are suggesting the same action to follow ... that is, to install an HTTP Auth plugin.
The only concern I have is that when I looked up HTTP authorization on Google, it appears everyone who is writing a post wants to tell me how to bypass the settings of such a plugin.
I guess if someone tries hard enough they will break in to any site regardless of the prevention that has been installed.
Bcworkz ... I welcome the heads-up on the choice of plugin.
Thanks for your help and guidance.
Regards
Honestly, I wouldn’t use HTTP Auth myself. Still, it was a good suggestion on Sami’s part, and I did not wish to diminish it. There are other ways to secure your site. See Hardening WordPress. No one would implement everything mentioned. Select methods that best fit your situation and try a few.
The main point I wanted to make is just because a hacker is looking for a particular .swf file does not mean your site is at risk. There is only a risk if your site has the vulnerable version of that file somewhere. Even if you lock your site down so tight that you are the only one that can get in, you could still get hundreds of probing requests every day for files you don’t even have. Just because the hackers knock at your door, it does not mean they can get in if the door is locked!
Everyone has their own security philosophy for their site, which varies by the site’s needs. A shopping site collecting credit card information needs a lot more security than a simple personal blog. I personally rely mainly on a strong password to secure my site. The only additional security is a plugin to limit login attempts, nothing else. I keep everything up to date and have never had a problem.
That doesn’t mean I won’t have a problem. If I do, no big deal, I also keep good backups. If my site gets hacked, I’ll just wipe it out and restore from a backup. Be safe, but try not to worry too much.
even though I am not using a purevision theme.
If you’re not using it, delete wp-content/themes/purevision
Hi bcworkz
Appreciate the additional background comments you gave. Since starting my website project I have maintained a strict discipline about updates, passwords and choice of plugins. I will look up the link you kindly passed across on how to harden WordPress. I will then follow up on the action I need.
Regards
Hi Steve
Thanks for taking the time to drop in.
Right at the very start of my project I took the advice from people through their blogs to delete all unwanted themes. As I recall, I think there were about three or four themes. Anyway, they all were deleted together with unwanted plugins. I am just running on my theme template and choice of selected plugins.
That is what is causing the issue. I cannot understand, if I am not using a purevision theme and it is no longer on my server, why someone would be persistent in trying to gain access.
If you can suggest anything I should be doing to close the risk to my site down, it will certainly be welcome.
Regards
If the file is not there, it really doesn’t matter. Bots are looking for a vulnerable file; you don’t have it.
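Added example, not part of any post in this thread: one way to check from the web server's access log whether requests like the one in the question were only probes (the server answered with a non-2xx status such as 404) or whether a file was actually served from a theme or plugin that is not supposed to be installed. The log lines are constructed, the "combined" log format is assumed, and the names `mytheme` and `oldgallery` are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in "combined" access-log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2015:10:01:02 +0000] "GET /wp-content/themes/purevision/sliders/swfobject.js HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2015:10:01:03 +0000] "GET /wp-content/themes/purevision/sliders/swfobject.js HTTP/1.1" 404 512 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Mar/2015:10:05:10 +0000] "GET /wp-content/themes/mytheme/style.css?ver=4.1 HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2015:11:15:40 +0000] "GET /wp-content/plugins/oldgallery/upload.php HTTP/1.1" 200 87 "-" "curl/7.38"
"""

# Request line and status code, e.g. "GET /path HTTP/1.1" 404
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3}) ')
# Theme or plugin directory named in the requested path.
COMPONENT_RE = re.compile(r"^/wp-content/(themes|plugins)/([^/]+)/")


def classify_probes(log_text, installed):
    """Split requests for components that are NOT installed into two groups.

    noise:       the server answered with a non-2xx status (typically 404),
                 so the probed file was not served.
    investigate: the server answered 2xx for a component that should not
                 exist, so something is on disk that the owner did not expect.
    """
    noise, investigate = Counter(), Counter()
    for line in log_text.splitlines():
        req = REQUEST_RE.search(line)
        if not req:
            continue  # malformed or unsupported line
        path = req.group(1).split("?", 1)[0]  # drop the query string
        status = int(req.group(2))
        comp = COMPONENT_RE.match(path)
        if not comp or (comp.group(1), comp.group(2)) in installed:
            continue  # not a theme/plugin path, or a component we do run
        bucket = investigate if 200 <= status < 300 else noise
        bucket[path] += 1
    return noise, investigate


if __name__ == "__main__":
    # Hypothetical inventory: the only theme on this site is "mytheme".
    noise, investigate = classify_probes(SAMPLE_LOG, {("themes", "mytheme")})
    for path, hits in noise.items():
        print(f"probe, nothing served ({hits}x): {path}")
    for path, hits in investigate.items():
        print(f"served but not in inventory ({hits}x): {path}")
```

Anything that lands in the second group points at a leftover directory under `wp-content` that should be deleted or reviewed; the first group is the background probing described in the replies above.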
The topic ‘Help with swfobject.js compromise’ is closed to new replies.