Installed WordFence today. Easy to set up. Looks a comprehensive tool.
-
I’m administering a free website with about 150 visitors a day. It is a year old. There were always a certain number of login attacks. I think by default the web hosting company added directly (or via a default plugin) a directive in the Apache .htaccess file to block xmlrpc.php exploits simply by stopping anyone accessing the file.
In the last few days I noticed more login attacks, which made me check the logs. I was suprised at the number of calls to wp-login.php and xmlrpc.php from IPs obviously trying lots of usernames/passwords. I made a list of IPs (and from that their network ranges) attacking wp-login.php and banned them via .htaccess. I looked again at the logs and the banned IPs also seem to access index.php as well. The network ranges I blocked all seem to be from web hosting companies rather than Internet Service Providers, so they could well be from hacked websites rather than humans browsing the web.
Anyway all these suspicious Apache log entries prompted me to look for a plugin to provide more security. WordFence seemed a good choice given it is used on millions of sites.
I installed it today. The installation was straightforward. I chose the option to make the firewall load first and so downloaded the backup .htaccess file. I started a scan. The firewall is currently in learning mode for the next week.
WordFence looks very impressive with a huge list of options.
The only problems I’ve had with the website BEFORE installing WordFence is that although the number of concurrent users on it is quite low, it does sometimes refuse to serve web pages for about one minute at times. I tried accessing a regular, static .html file and that is always returned by the website. But accessing a .php file sometimes fails and it looks like the PHP compiler/interpreter has gone down. So I was wondering if this problem was caused by bots making too many requests and bringing the PHP parts of the website down for a minute at a time.
Anyway time will tell whether WordFence stops bots overloading the webserver (If that was the problem?) and can cure the intermittent problem of the PHP compiler/interpreter going down.
Summary: Although I only installed WordFence today it looks like a well thought out piece of software and it was easy to install and get going.
- The topic ‘Installed WordFence today. Easy to set up. Looks a comprehensive tool.’ is closed to new replies.