Hacker attack on the site panel

Asked

Viewed 115 times

2

I installed the Wordfence plugin and every day I get hacker attack report to wp-admin/site dashboard.

I decided to change the admin address with the plugin Protect WP-Admin, like this: site.com.br/Cmr21vnw, it seems to me impossible to find this address but keeps coming alerts of access attempts, less alerts but keeps coming.

Is there any way to try to log in via URL? How was the new address discovered? How to prevent this?

Thank you for your attention.

  • 2

    This is normal. Today and today there are attack robots running around the web looking for vulnerabilities to exploit.

  • 1

    That’s why your password has to be very strong. Special characters, uppercase letters, etc.

  • Actually by the report that Wordfence presents it seems to me that it is not something manual even, but I can not understand how the "robot" found the login folder that was renamed.

  • See if your server publishes help files to search engines. Type sitemap or robot.txt. Ex: https://www.google.com/robots.txt

  • My robots.txt looks like this: User-agent: * Disallow: /wp-content Allow: /wp-content/uploads Disallow: /wp-admin .

  • Somehow the structure is being published. Take a look at if it has activity at port TCP 389. Another thing, I read that you use dynamic IP, you also use Dynamic DNS? Some DDNS’s force publishing directory structure.

  • I do not use dynamic DNS my host is Locaweb, only my connection IP is dynamic. Actually as I said "somehow the structure is being published".The plugin I used does not change the name of the wp-admin folder within the host but only the url, if you type wp-admin or even domain.com.br//wp-login.php does not open the login form. It seems to me that it is a direct attack without trying to access the form, I just don’t know which address is used because alerts of access attempts keep coming. It would be better to really change the name of the folder on the host, maybe it worked better but do not know Wordpress accepts this change.

  • Actually in Wordpress you can not change the path of the wp-admin folder only the url. Anyway look for data traffic on TCP port 389 this port is standard on all OS for publishing distributed directory services.

Show 3 more comments

1 answer

2

Have you ever thought about restricting the site access only to certain Ips? Here’s a tutorial on how to do this for the file. htaccess, the code is as follows::

AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Controle de Acesso Administrativo do WordPress"
AuthType Basic
<LIMIT GET>
order deny,allow
deny from all
# whitelist IP de Asllan Maciel
allow from xx.xx.xx.xxx
# whitelist IP de Fulano de Tal
allow from xx.xx.xx.xxx
# whitelist IP de Beltrano
allow from xx.xx.xx.xxx
</LIMIT>

Source: http://www.wp24horas.com.br/tutoriais/proteja-wp-admin-wordpress-limitando-acesso-no-htaccess

  • I found interesting the tip seems to me that would solve but my connection IP is dynamic. Woe to me also would not work but who uses fixed IP connection is a good. Thanks.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.