Lock outs

  • I am not sure where to post this. I have used a couple of security plugins. i was checking logins. this was on 404 errors
    I got this long list of people all trying to access this file at the same time. I am not quite sure what to make of it. I am new at this. I have my lock out site rather low 4 attempts and it then locks them out for an hour.
    I looked at my product page whee this item is listed and it shows up. I did delete a lot of images the other day to upload the same image but at a smaller and optimize setting. Are all these trying to break into my site?
    I am not really having any sales traffic as I am still building it.
    Just lost at this Thanks Tom.
    By the way any sales get routed straight to paypal so i do not collect any credit card info.
    2013-10-01, 1:21 PM
    5.135.152.208
    31.172.30.2
    37.221.161.235
    96.47.226.20
    5.35.249.38
    192.43.244.42
    216.218.134.12
    93.115.87.34
    178.18.26.107
    199.48.147.35
    37.221.160.203
    217.115.10.133
    67.138.111.149
    95.130.9.89
    93.167.245.178
    37.139.24.230
    /product/handmade-sterling-silver-jewelry-chainmaille-pendant-daisy/

    https://tomsfoolerychainmailejewelry.com/product/handmade-sterling-silver-jewelry-chainmaille-pendant-daisy/

    this is the actual link to the above pendant
    https://tomsfoolerychainmailejewelry.com/product/sterling-silver-jewelry-daisy/

Viewing 2 replies - 1 through 2 (of 2 total)

  • I have used a couple of security plugins.

    I am no expert here, but I use some htaccess security and a firewall. I use Bulletproof Security for htaccess and for failed-login lockouts, and I use Wordfence Security for its various features including a firewall. However, I have heard there is at least one plugin that can handle all the above all by itself.

    i was checking logins. this was on 404 errors
    I got this long list of people all trying to access this file at the same time. I am not quite sure what to make of it. I am new at this. I have my lock out site rather low 4 attempts and it then locks them out for an hour.

    Some of that can be eliminated by stopping them ahead of time, and Bulletproof Security has a “Custom Code” editor where you can actually keep undesirable traffic from ever even getting that far. Overall, I add these things to htaccess that way:

    ## add at top of htaccess
## note: also go set wp-config.php permissions to 0400
# deny wp-config.php
<files wp-config.php>
order allow,deny
deny from all
</files>

## add at end of htaccess
# send certain brute-force login attempts to 403
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_METHOD} =POST
### note change yoursite.com in this next RewriteCond line
### and remove its preceding # to make it work
#RewriteCond %{HTTP_REFERER} !^https://(.*)?.yoursite.com [NC]
RewriteCond %{REQUEST_URI} ^/wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^/wp-admin$
RewriteRule ^(.*)$ - [R=403,L]
</IfModule>

# prevent view of 403.shtml
<Files 403.shtml>
Order allow,deny
Deny from all
</Files>
####

    note: Those are in addition to what Bulletproof already does by default.

    I looked at my product page where this item is listed and it shows up. I did delete a lot of images the other day to upload the same image but at a smaller and optimize setting. Are all these trying to break into my site?

    Likely so, in one way or another, and the fact you are seeing 404s might mean your current security is already stopping them. However, the above code to “send certain brute-force login attempts to 403” can help reduce the 404s while reducing the load on your WordPress installation whenever anyone attempts a login that does not come from a page at your site.

    Thread Starter tomsfoolery2013

    (@tomsfoolery2013)

    Thanks for the suggestions will look into the plugins
    Tom

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Lock outs’ is closed to new replies.

Tags