• Hi all,

    Recently my websites have been heavily attacked by humans, about 50~70 attacks on each website. They tried to log in to my websites but all of them failed. But there is a lot of work for me to do.

    I have about 40 websites running on the Internet. I have to run “run whois” to block their networks.

    Is there a method to stop them visiting my websites? Please advise. Thanks in advance

    Regards

    • This topic was modified 1 year, 2 months ago by satimis.
Viewing 13 replies - 1 through 13 (of 13 total)
  • Are you running your own server? Do you have Fail2Ban installed?

    Thread Starter satimis

    (@satimis)

    Thanks for your advice.

    No.

    My websites are hosted on HostGator server. I’m not allowed to install software on their server.

    Regards

    Ideally your host should stop attacks before they reach you, but not all hosts are the same.

    What you can do is either (or both)

    1. install a security layer further out – i.e. on a CDN – e.g. Cloudflare, other CDNs are available

    2. Install a security plugin on your WP install, perhaps with a Web Application Firewall (WAF) built in – there are many available

    Thread Starter satimis

    (@satimis)

    Hi Allan,

    Thanks for your advice.

    I have the following plugins installed on all my websites:
    Limit Login Attempts
    Wordfence Security
    WP Cerber Security, Anti-spam & Malware Scan

    The attackers are working in a group, trying to log in to my websites but all failed. I have strong passwords. “Wordfence Security” informs me of their attacks. I have to block their network with “Run WHOIS”. It is quite annoying. The attackers work in a group of about 50~70 humans and I have 40 websites running on the Internet.

    Could you please explain in more detail re “1. install a security layer further out – i.e. on a CDN…..”? Thanks

    Regards

    • This reply was modified 1 year, 2 months ago by satimis.

    Personally I wouldn't bother blocking only a small attack like that. Wordfence will be blocking in the WAF; manually adding the IPs is fairly pointless as they will move to other IPs.

    Strong passwords are key. Humans trying to break a strong password will never happen; you need to make billions of attempts.

    9 random characters need more than 5,000,000,000,000 attempts

    Thread Starter satimis

    (@satimis)

    Hi Allan,

    Thanks for your advice.

    I’ll take your advice, just ignoring them. I have a strong password and an out-of-imagination username in combination.

    Thread Starter satimis

    (@satimis)

    Hi bbast2,

    Thanks for your advice.

    I’ll install two-factor authentication (2FA) following the link below.

    How to Add Two-Factor Authentication in WordPress (Free Method)
    https://www.wpbeginner.com/plugins/how-to-add-two-factor-authentication-for-wordpress/#add-2fa-in-wordpress

    Fortunately, up to now the attackers have failed to log in to my websites, but it is just annoying.

    Regards

    • This reply was modified 1 year, 2 months ago by satimis.
    Thread Starter satimis

    (@satimis)

    Hi all,

    Just set up “two-factor authentication (2FA)”. Perhaps I made a mistake in configuration. The one-time password doesn’t come.

    From the cPanel of my hosting company I can log in to the website but am unable to change any item. It always pops up asking to enter the one-time password. I need to delete the plugin and start again. Please help. Thanks

    Regards

    Thread Starter satimis

    (@satimis)

    Hi all,

    I have deleted the wp-2FA plugin via cPanel on the server of the hosting company. Now I can log in to the website without problem.

    Please advise where I can find the tutorial to set up the wp-2FA plugin. I’ll try it another time.

    Thanks

    • This reply was modified 1 year, 2 months ago by satimis.
    Thread Starter satimis

    (@satimis)

    Hi bridgeitco,

    Thanks for your advice.

    I have installed “1on1 secure” on one of my websites for testing.

    On the Dashboard:
    1on1 Secure
    [Get API Key]
    What is it used for?

    Do I need to create an API key? Thanks

    Regards

    Details are on their plugin page https://www.ads-software.com/plugins/1on1-secure/

    Thread Starter satimis

    (@satimis)

    Hi Allan,

    Thanks for your advice and link.

    I read that link before but can’t resolve the “API Key” and its use.

    Regards

    You should really ask them
    https://www.ads-software.com/support/plugin/1on1-secure/

    But I think their readme is quite clear

    Free 6-Month Renewable License

    No Credit Card required

    1on1 Secure is an anti-spam plugin which works with the premium Cloud Anti-Spam service 1on1Secure.com. This is a Serviceware plugin

    The API key is clearly required to access the cloud service and needs to be manually reviewed every 6 months.

  • The topic ‘About human attack on website’ is closed to new replies.