Recommended methods against hackers

Hi!

I have a WordPress site where I advertise my services. I get password-guessing and vulnerable-plugin-guessing attacks almost every day. I permanently block the IPs of the attackers. I regularly back up the site. I regularly update WordPress and the plugins, and I have the free Wordfence on it. For now this works, but I wonder for how long. Are there other recommended supplementary solutions to protect the site, or will Wordfence be enough on its own? What is your experience?

8 Comments
  1. Wordfence and Cloudflare WAF rules (country blocking solves most of my spam issues).

  2. I have basically the same protection enabled as you and was hacked once in 2021. My site would redirect to “one million visitor” sort of sites for everyone; no idea what caused it. I was on GoDaddy shared hosting at the time, paid them like £20 for some ‘malware removal’ option, and it was fixed within 24 hours. Still using the same protection, but all good since.

  3. As long as you have a strong password, keep everything updated, and use good plugins/themes that don’t have vulnerabilities, you should be fine. Almost all of these attacks are automatic, searching for crappy passwords and vulnerabilities. It happens to all sites at some point. Sometimes it gets worse, sometimes it’s one per day…

    I haven’t used a security plugin for years. I just implement common sense security practices and a 2FA plugin.

    It’s a good idea, though, to use something like Cloudflare to block as many as possible so they won’t burden your server with a lot of requests.

  4. Everybody gets these script-kiddie attacks. All. The. Time. This has been going on since Tim Berners-Lee first showed HTTP to the world.

    Use trustworthy plugins and themes. Keep everything up to date. Use strong passwords. If you give third parties access to your site, for maintenance or some such thing, revoke it as soon as possible. Keep backups of at least a few weeks of previous versions.

    If you are a credible target for a large scale denial-of-service attack, use Cloudflare.

    Don’t sweat too much over all the stuff in the Wordfence logs.

  5. I like to keep down the bloat so have just added a bit of code to my functions.php that blocks login after three unsuccessful attempts for a period of time. If it continues to happen from the same IP it blocks for a little longer and finally blocks the IP. This on top of decent passwords and staying on top of updates means I’ve not had a single site compromised so far.
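
An added example of the lockout approach described in comment 5, written for this page and not the commenter's own code. It uses the WordPress `wp_login_failed` and `authenticate` hooks with transients; the `ll_` names, the thresholds and the durations are assumptions, and the last tier is a one-day lockout rather than a permanent block.

```php
<?php
// Added example for a theme's functions.php; thresholds and durations are assumed values.
const LL_MAX_FAILS  = 3;                   // failed logins allowed before a lockout
const LL_LOCK_STEPS = [900, 3600, 86400];  // 1st, 2nd, later lockout lengths in seconds
const LL_MEMORY     = 604800;              // how long past lockouts are remembered (7 days)

// Transient key for the client address. Behind a reverse proxy or CDN, REMOTE_ADDR is
// the proxy's address unless the web server restores the real client IP first.
function ll_key($suffix) {
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'll_' . $suffix . '_' . md5($ip);
}

// Count each failed login; on the third, start a lockout that grows with each repeat.
add_action('wp_login_failed', function () {
    if ((int) get_transient(ll_key('lock')) > time()) {
        return; // already locked out: attempts made during a lockout are not counted
    }
    $fails = (int) get_transient(ll_key('fails')) + 1;
    if ($fails < LL_MAX_FAILS) {
        set_transient(ll_key('fails'), $fails, LL_LOCK_STEPS[0]);
        return;
    }
    $strikes = (int) get_transient(ll_key('strikes'));
    $step    = min($strikes, count(LL_LOCK_STEPS) - 1);
    set_transient(ll_key('lock'), time() + LL_LOCK_STEPS[$step], LL_LOCK_STEPS[$step]);
    set_transient(ll_key('strikes'), $strikes + 1, LL_MEMORY);
    delete_transient(ll_key('fails'));
});

// Runs after core's password check (priority 20) so the error is not overwritten;
// while a lockout is active, even a correct password is refused.
add_filter('authenticate', function ($user, $username, $password) {
    $until = (int) get_transient(ll_key('lock'));
    if ($until > time()) {
        return new WP_Error('ll_locked', sprintf(
            'Too many failed logins. Try again in %d minutes.',
            (int) ceil(($until - time()) / 60)
        ));
    }
    return $user;
}, 30, 3);
```

If the site sits behind Cloudflare, as other comments suggest, every visitor shares the proxy's `REMOTE_ADDR` until the server is configured to restore the real client IP, so a lockout would otherwise hit all users at once.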

 
