• Resolved rpmtl22

    (@rpmtl22)


    I’m new to WP but have been creating and managing websites using basic HTML/CSS since the days of Macromedia Dreamweaver. I’m running my own WP installation and not using any “managed” WordPress so I’ve been researching security recommendations and plugins. It’s a very basic site with no comments option and only one email contact form using WPForms Lite and WP Mail SMTP.

    I installed a plugin named Limit Login Attempts as it seemed a prudent thing to do. I then got alerts that there were 250-300 blocked attempts to login every 24 hours. They even seem to be using my cryptic (not “admin”) name, which I find strange. Where are they getting that from…? I’ve now installed Blackhole for Bad Bots which has successfully reduced the bot activity by 2/3.

    So my question is …Are these typical bot traffic numbers for a WordPress website?

    • This topic was modified 9 months ago by rpmtl22.
Viewing 10 replies - 1 through 10 (of 10 total)
  • DevinLabs Solutions

    (@devinlabsolutions)

    Hi @rpmtl22,

    I belive this happen due to lack of security in your wordpress installation. I face same problem in my wordpress website as well. but fixed after applying multiple secuirty things like theme and plugin always should to be updated. your admin url should to be different as usual wp-admin url. you have restriction on your folder by htaccess and lots more. these issue happen with approax wp instllation who has less security.

    Moderator James Huff

    (@macmanx)

    Moderator Yui

    (@fierevere)

    永子

    I guess you can learn a lot by browsing the code of this plugin
    https://www.ads-software.com/plugins/block-bad-queries/#developers
    You can also install it and block those bad requests to your server

    Thread Starter rpmtl22

    (@rpmtl22)

    Thanks for the tips on reducing bot activity. I’ve already read that and other pages on measures to mitigate risks and had already followed the recommendations while creating the site.

    What I’m really asking is “What is normal?“.

    Ignorance is bliss and without that Limit Login Attempts plugin I’d be oblivious to any bots knocking at the door of the site. Perhaps it’s normal that hundreds (or thousands) of bots try to penetrate every WordPress site every day … and I understand that with proper safeguards in place I should be able to keep them out..

    Being a WordPress “newbie” I’m asking if 200-300 bots a day (or more) checking the front door lock is typical for a WP site?

    ps: I’ve gone from 250-300/day to 74 in the past 4 days after installing that Blackhole plugin. It might just be a coincidence or it might be doing its thing.

    Moderator James Huff

    (@macmanx)

    I don’t think there’s really an answer to that.

    Rarely are sets ever the same in their size, exposure on the internet, and security measures.

    It’s a bit like asking, “What is the typical number of customers inside a Walmart?” It all varies depending on location, size, available stock, sales, and probably some additional economic factors.

    I’d say just take confidence in the fact that your existing security measures are stopping them, and feel free to implement more security measures if you’re concerned.

    Thread Starter rpmtl22

    (@rpmtl22)

    Rather than use the word “typical” I should probably have used “uncommon”.

    Moderator James Huff

    (@macmanx)

    It’s really the same though.

    Rarely are sites ever the same in their size, exposure on the internet, and security measures.

    Like, “What is an uncommon number of customers inside a Walmart?” It all varies depending on location, size, available stock, sales, and probably some additional economic factors.

    I’d say just take confidence in the fact that your existing security measures are stopping them, and feel free to implement more security measures if you’re concerned.

    Thread Starter rpmtl22

    (@rpmtl22)

    I suspect there are studies I can Google which will provide statistics and an insight into what I’m curious about. Something like “Incidence of Bot activity based on a WP site’s popularity, traffic and activity/business”…

    Moderator James Huff

    (@macmanx)

    If you find any, please let us know!

    Thread Starter rpmtl22

    (@rpmtl22)

    I Googled “WordPress Security Statistics” and found lots of info. Looks like the 100-150 bot visits/day I’m seeing might not be out of the ordinary. Some security sites claim that “90,000 attacks target a WordPress website every minute”. Guess that’s the price you pay for being popular ??

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘What’s typical for bad Bots?’ is closed to new replies.