IS SOMEONE IS TRYING TO HACK MY BLOG - Help Me

The_Lion · March 24, 2013, 1:45am

Hi,
I have wordpress blog and only i can login my blog is not forum simple fashion blog where i daily publish celebrity gossips, today i was checking my blog stats but suddenly i saw in my blog stats someone is requesting register or sign up or login page and manymore. all the request he/she requested i have took screen shots. i have attached screenshot of that ip address that are trying to hack my blog. plz see the screen shot and help me. what do i do?

force · March 24, 2013, 5:27am

Use your host’s control panel or your main htaccess file to block IP addresses.

The_Lion · March 24, 2013, 6:20am

Thanks :), this person is really trying to hack my login info

Rubble · March 24, 2013, 9:08am

If you check your server logs there are people trying to hack into your website all day everyday :mad:

Although this person seems quite determind to get into yours for some reason.

xhtmlcoder · March 24, 2013, 10:04am

It’s probably a Chinese spambot farm especially with the frequency and large list of generic register/login files it attempted to access. It’s unlikely to be a human and likely the IP is already blacklisted on a spam database.

Stevie_D · March 24, 2013, 11:03am

I get loads of those bots trying to access the log-in page for all sorts of different CMS control panels … they’ll be lucky, I don’t use a CMS!

Rubble · March 24, 2013, 2:02pm

they’ll be lucky, I don’t use a CMS!

The same for me

EastCoast · March 24, 2013, 6:32pm

It’s worthwhile adding htaccess password authentication as an extra level of security to the wordpress admin directory. Also when you install wordpress, best to allocate a custom directory for admin rather than the default.

xhtmlcoder · March 28, 2013, 8:14am

There are various ways you can block and deny IP but something like the following you would add to your .htaccess file it might not be the best or most efficient method but should work.


order allow,deny
deny from 36.248.80.15
allow from all

Mittineague · March 28, 2013, 2:39pm

Blocking by IP is a chore and could possibly block legit viewers. i.e. even if you don’t block ~39K IPs and block “ranges” instead, you’ll still find yourself endlessly updating your htaccess file. Also keep in mind that Apache processes the htaccess file every HTTP request so you don’t want it to be too large.

Although you could still block the more troublesome IPs too, IMHO for post SPAM it’s much better to use other methods such as CAPTCHA, Flood control, word/phrase blacklisting, and checking for links.
As for file access, keep files containing sensitive info outside of the webroot, make sure your folder/file permissions are set to as restrictive as possible, and don’t use the default structure/naming where you have the option to use different.

I think if you do everything here you should be OK
http://codex.wordpress.org/Hardening_WordPress

Topic		Replies	Views
Suspicious URL being aimed at my site Server Config security	8	1262	January 4, 2013
My Wordpress blog keeps getting hacked Server Config security	17	8775	September 28, 2010
Question on WP Botnet Server Config security	4	1164	October 8, 2014
Wordpress Hacked Server Config security	5	816	January 25, 2012
What could i do to boost safety after getting a multiple log in attempts message? Server Config security	18	2954	June 28, 2021

IS SOMEONE IS TRYING TO HACK MY BLOG - Help Me

Related topics