Somebody trying to hack my WP Login - Pls. help !

Discussion in 'WordPress' started by klbj7374, Nov 8, 2011.

  1. #1
    Hi all,


    I have a WordPress website. I installed the ecstatic plugin to know who is visiting my blog. Recently, when I checked the stats, I noticed someone was repetitively visiting my login page, i.e., http://www.*******.com/wp-login.php.


    When I dug further, the location of the IP address was somewhere in Turkey and below are a few more details:


    IP: 1**.1**.2**.1** Domain: ('host' err) Pages: 2
    UA: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727)


    (I put those stars to hide the IP.) I want to know: is it an attempt to crack my WordPress login page? What is ('host' err)? What is Pages-2?


    This person was visiting the login page very fast: within 4 minutes' time they visited nearly 30 times.


    Can someone please explain and suggest some precautions to prevent hacking?


    Thanks in Advance...


    KLBJ7374
     
    klbj7374, Nov 8, 2011 IP
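
The pattern described in post #1 (about 30 requests to wp-login.php from one address within 4 minutes) can be checked directly against the web server's access log. The following is an added example, not part of the original thread: it assumes an Apache/nginx "combined" format log in time order, and the function names, the threshold defaults and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Combined log format: client IP, [timestamp], "METHOD path protocol".
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*"')

def find_login_hammering(lines, window=timedelta(minutes=4), threshold=30):
    """Return {ip: peak} for clients that requested wp-login.php at least
    `threshold` times inside any `window`. Lines must be in time order."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    peak = defaultdict(int)       # ip -> highest count seen in one window
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue              # ignore lines not in the expected format
        ip, ts, _method, path = m.groups()
        if path.split("?", 1)[0] != "/wp-login.php":
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[ip]
        hits.append(when)
        while when - hits[0] > window:
            hits.popleft()        # drop requests older than the window
        peak[ip] = max(peak[ip], len(hits))
    return {ip: n for ip, n in peak.items() if n >= threshold}

def sample_log():
    """Constructed sample data: 203.0.113.7 requests the login page every
    8 seconds, 198.51.100.20 is an ordinary visitor."""
    start = datetime(2011, 11, 8, 10, 0, 0, tzinfo=timezone.utc)
    rows = [(start + timedelta(seconds=8 * i), "203.0.113.7", "POST /wp-login.php")
            for i in range(30)]
    rows += [(start + timedelta(minutes=20 * i), "198.51.100.20", "GET /wp-login.php")
             for i in range(3)]
    rows.append((start + timedelta(seconds=5), "198.51.100.20", "GET /"))
    rows.sort(key=lambda r: r[0])
    return ['{} - - [{}] "{} HTTP/1.1" 200 2048 "-" "Mozilla/4.0"'.format(
                ip, t.strftime("%d/%b/%Y:%H:%M:%S %z"), req) for t, ip, req in rows]

if __name__ == "__main__":
    for ip, n in find_login_hammering(sample_log()).items():
        print(f"{ip}: {n} requests to /wp-login.php within 4 minutes")
```

The output is a short list of addresses to feed into a server-level block or rate limit, which scales better than blocking each address by hand.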
  2. kellter

    #2
    Password protect the admin directory. If you have a static IP you can allow access to the admin area from your IP only via .htaccess.
     
    kellter, Nov 8, 2011 IP
  3. aap

    #3
    aap, Nov 8, 2011 IP
  4. LeeV18

    #4
    You can install wp login lockdown which prevents multiple login attempts to your admin dashboard, it's free:
    http://wordpress.org/extend/plugins/login-lockdown/

    Also, change your password every month or so, and put capital letters or symbols (like &, *, /, -, +, etc.) in it to make it more secure.
     
    LeeV18, Nov 8, 2011 IP
  5. klbj7374

    #5
    Thanks guys, I am using spam blocker to block his IP addresses. But how many can I keep on blocking manually? I will implement your suggestions...
     
    klbj7374, Nov 8, 2011 IP
  6. JPC-Sabrina

    #6
    I have heard of too many people having their blogs on WordPress and Joomla attacked. Make sure you always upgrade your updates and plugins and that will give you some added protection. I don't know how to keep manually blocking and that does seem time consuming. I am sure someone will post better solutions for you. In the meantime, keep everything updated, because those updates involve more than features; they also provide added security in some cases.
     
    JPC-Sabrina, Nov 8, 2011 IP
  7. klbj7374

    #7
    I installed the Login Lockdown plugin. It has changed my login screen; when I log in, it did not go to the dash. I think this is incompatible with the present version of WP. I am logging in but it is taking me to my blog, and above is the menu bar with links to dash, comments, etc. I can't go to my dash or comments page. It is returning error 404 page not found. I tried to deactivate the plugin through cPanel as explained on the WordPress Codex site. But no use.

    How can I restore my login screen and go to the dash?
     
    klbj7374, Nov 9, 2011 IP
  8. Abhik

    #8
    Delete the plugin folder using FTP. That'll force disable the plugin.
    You may also need to remove the rules manually from the .htaccess file.
     
    Abhik, Nov 9, 2011 IP
  9. Syamsul Alam

    #9
    - always, always update your plugins.

    - protect your database by changing its prefix from wp to anything else

    - install website defender plugins (sorry I can't post link yet)
     
    Syamsul Alam, Nov 9, 2011 IP
  10. Syamsul Alam

    #10
    Login Lockdown will surely help - but sometimes you forget your own password or mistype it, your login attempts fail three times, and you can't log in to your own sites for one hour. I don't think that's really a good solution.

    Instead of Login Lockdown, improve your own password security, change your chmod on specific folders like wp plugins, themes, etc. so they can't be accessed by a hacker, and NEVER (or at least be very cautious) install themes or plugins from outside the WordPress repository.

    You can monitor your site security once a week using the website defender service. You'll get it for free when you install its plugin - wordpress defender. I use this service and it tells me when my theme has malicious code in it and how to handle it, really useful.
     
    Syamsul Alam, Nov 9, 2011 IP
  11. klbj7374

    #11
    Syamsul - thank you for your suggestions. My case is not forgetting the password. I am logging in, but it is not taking me to the default WordPress dashboard. I am unable to do anything after logging in. It's looking like a Blogger blog with a navigation bar on the top. :-(

    Thinking of reinstalling WordPress.. -(
     
    klbj7374, Nov 9, 2011 IP
  12. Abhik

    #12
    Reinstalling will not help, as far as I can see.
    Just delete the plugin folder from FTP and delete the related rules from .htaccess files.
     
    Abhik, Nov 11, 2011 IP
  13. Jose Jimenez

    #13
    I know what you mean about Login Lockdown but you can change the settings so that you can have more than 3 attempts... say 5. That way you can protect yourself against brute force attacks.
     
    Jose Jimenez, Nov 12, 2011 IP
  14. NewWpDesigns

    #14
    WP Login Lockdown is the best plugin to protect the login form.
    Protect wp-config.php with .htaccess.
    Disable directory browsing with .htaccess.
     
    NewWpDesigns, Nov 17, 2011 IP