1,023 blocked malicious login attempts. Who trying to steal my blog? Any advises?

VicMarcusNWI

This is a very common thing. Most of these attacks are automated, coming from China or Eastern Europe. You may consider banning traffic from those countries all together if it's not relevant to you. Change the default admin user name to something else. And do as EGOL recommended - set a really strong password. And then change that password every few months.

max.favilli

Change the name of the login page, I mean in addition to having a strong password of course.

Those automated scripts look first for the known wp login page if they don't find it the will give up, if they do they will keep trying forever and ever, an unecessary load for your servers.

donford

I agree with Massimillano here.

Three things you should do for all common CMS systems (WP, Joomla, ect..)

First change the admin directory to something else. When doing this you likely have to edit configuration files to point to the new location which is pretty simple.

Second protect admin directory with .htaccess & .htpasswd.  There is a nice generator I have used on some of my sites in the past here.

Third create a honeypot / auto IP ban for malicious crawlers or script kiddies. There are several plugins for this if you search the keywords honeypot + cms.

Eslam-yosef

I've. But, do you think it's enough. I'm talking about that I'm talking with you right now and there's someone right there trying to steal my thing. Hard feeling really.

Eslam-yosef

I don't know, it's a very abuse thing to ban traffic from a country. If you are saying these attacks are automated so they are not humans?

Eslam-yosef

I don't think it's easy to change it because there PHP complicated things that I don't know about. But, I will search for a trusted plugin or something like that. Seems like a good solution.

Eslam-yosef

It's won't type my password there really. I don't know ...

max.favilli

Instructions here: https://wordpress.org/support/topic/how-to-change-from-wp-loginphp-to-login

aap82

theres a wordpress plugin you can use that limits the number of login attempts (I used to use it but I forgot the name of it)

ScottOlson

Bulletproof Security is great and has many features to blocking such attempts and making it harder for those scripts that are just constantly scanning for the usual vulnerabilities.

VicMarcusNWI

Eslam - Many great suggestions here of the things you can do right now to help you with these hack attempts. One thing I'd like to add is that we use a service/plugin called Sucuri. We've had good luck with it so far. You can learn more about them here: http://sucuri.net/

Regarding the approach of blocking traffic from other countries, my thought is this. Does traffic from those countries bring any value to you and do you give value to those visitors? If you answer no to this question, then why not block it? For example, a local pizza shop's website in Portland, Oregon probably doesn't care bout web traffic from Lithuania and vice versa.

max.favilli

Honestly, I would strongly suggest to avoid blocking traffic on a geographic basis, these days you never know where traffic will come from and why.

User sitting in the building next to yours but accessing internet from a corporate network may appear as connecting from China.

Legit bot from services you are paying for may appear as crawling from Sweden, and other legit bot you don't even know about but which let you reach additional audience may appear as connecting from the other side of the world.

Blocking traffic is positively dangerous, the only case where I would consider it a good decision is when blocking blacklisted ips, and even this case I would suggest to secure the blacklist is updated regularly to avoid blocking false positive.

VicMarcusNWI

There will definitely be cases out there like you described, Massimiliano. It's a wild world out there. We can only do so much to protect ourselves.