I’ve got a reasonably decent amateur WordPress site running my little side gig. While I’m not a cyber security professional per se, I know a lot about a lot, but not everything about anything.
I’ve been using the free version of Wordfence for years and I’ve done what I can to remove as much low-hanging fruit as possible for when the bad guys slide by and attempt to jiggle the locks on my site.
Sometimes just for fun I look at the live access logs and have definitely noticed certain URLs that seem to get hit when somebody is obviously trying to enumerate my site.
For example, the admin account on my site doesn’t publish articles, but if you hit /?author=1 that will give you that account name. I can’t imagine a non-nefarious reason to be poking around at that URL, so if I see you hit it I’ll block your IP for a couple of days.
Foolproof…no. Does it make it just a little more difficult to poke around my site than the next guy…yes.
My question is: what are your go-to blocked URLs? Things that, if somebody hits them, make it a reasonable reaction to block them for at least 24 hours.
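To make the approach in the post concrete, here is an added example (it is not the poster’s code and has nothing to do with Wordfence) that applies the same rule to a few constructed Apache combined-format access-log lines: any request carrying a numeric `?author=` parameter puts the source IP on a temporary blocklist. It also carries the caveat raised in the thread about crawlers, as a user-agent allowlist; the user-agent header is client-controlled, so a real deployment would confirm the crawler’s source address (e.g. by reverse DNS) before trusting it. The IP addresses, timestamps and `KNOWN_CRAWLER_UA` list are all made up for the example.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in Apache "combined" log format (made up for this example;
# the last line is deliberately malformed to show that it is skipped, not crashed on).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:08:01:12 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:08:01:13 +0000] "GET /?author=2 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
198.51.100.5 - - [10/Mar/2024:08:02:40 +0000] "GET /blog/hello-world/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
66.249.66.1 - - [10/Mar/2024:08:04:00 +0000] "GET /?author=1 HTTP/1.1" 301 0 "-" "Mozilla/5.0 (compatible; Googlebot/2.1)"
this line is not a valid log entry
"""

# ip ident user [timestamp] "METHOD target PROTOCOL" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Crawler user-agent substrings we do not want to auto-block (assumed list, and a
# heuristic only: the UA header is client-controlled, so confirm the source address
# with a reverse-DNS lookup before trusting it in production).
KNOWN_CRAWLER_UA = ("Googlebot", "bingbot")


def parse_line(line):
    """Return the fields of one combined-format log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def is_author_probe(target):
    """True when the request target carries a numeric ?author= parameter, e.g. /?author=1."""
    qs = parse_qs(urlsplit(target).query)
    return any(v.isdigit() for v in qs.get("author", []))


def looks_like_known_crawler(ua):
    """Weak UA-based check; see the note on KNOWN_CRAWLER_UA above."""
    return any(name in ua for name in KNOWN_CRAWLER_UA)


def build_blocklist(log_text, ban_hours=48):
    """Map each probing IP to the time its block expires (first probe + ban_hours)."""
    blocklist = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_author_probe(rec["target"]):
            continue
        if looks_like_known_crawler(rec["ua"]):
            continue  # the caveat from the thread: check crawlers before blocking them
        # The first probe starts the clock; later hits from the same IP do not reset it.
        blocklist.setdefault(rec["ip"], rec["ts"] + timedelta(hours=ban_hours))
    return blocklist


def is_blocked(blocklist, ip, now):
    """True while the IP's block has not yet expired."""
    expiry = blocklist.get(ip)
    return expiry is not None and now < expiry


if __name__ == "__main__":
    for ip, expiry in build_blocklist(SAMPLE_LOG).items():
        print(f"block {ip} until {expiry.isoformat()}")
```

Run as a script it lists the IPs to block and when each block lapses; the 48-hour default matches the “couple of days” in the post, and the crawler skip is where you would plug in whatever verification you actually trust.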
And before you blocked these IPs, did you make sure that it was not crawlers that reference your site?
You said you blocked the low-hanging fruit. So why not block all author inquiries? Seems like low effort if you don’t use it. You mentioned user enumeration, so why not stop that?
The plugin methods are the Stop User Enumeration plugin or the GotMLS plugin. But you can do that with redirects or a rewrite rule.
While I can see that preventing the user from being seen can be important, it’s also not a big deal if you keep your site up to date and follow basic password protocols. With WF you also get 2FA and that should do the trick, no?
You can’t nor will you prevent everything, but there are only some very rare-ish circumstances in which your site would be vulnerable when you follow the basic site security methods.
I mean you can certainly harden everything, but your site isn’t a target (chances are that you won’t prevent someone determined) but just a stop along the way of the various bots and scripts that crawl the web daily.
If you want to go further you can always upgrade WF, but that depends on your site’s content and redundancy plans.
There’s an option in Wordfence to obfuscate those types of URLs & parameters (?author=1), so then you won’t need to manually block stuff like that each time as they hopefully won’t be accessed.
Hope I’m understanding correctly!
I am going to send you a private message.
I block Russia, Ukraine, China and most server farms trying to log in. I block the entire AS on server farms. Switching IP does them no good. I also establish blocks as they happen at Cloudflare when failed logins reach a threshold.
Check out the plugin BBQ https://wordpress.org/plugins/block-bad-queries/