8 failed login attempts (4 lockout(s)) from IP: 91.200.14.72
Last user attempted: admin
IP was blocked for 24 hours
So it could be legit, but it could be someone trying to hack in, I’d guess.
Could I get some suggestions on what to do to improve the safety? Add the IP to a block list?
thx
D
Depends on what they are trying to log into, and what kind of hosting you have. You could add the IP to a block list, but if it’s an automated or determined attempt then it can easily swap to another one. The IP you have listed is from what I’d consider a bad network neighbourhood; it’s almost certainly a malicious attempt. The inverse to blocking one IP is more effective (block them all, allow only whitelisted IPs, which is only an option however if you are going to access the system from set IP addresses).
For example, if your site has a global audience you may not want to block a Russian IP, but if you don’t care if anyone using a Russian IP is blocked you could add it to a blacklist.
Keep in mind that there are a vast number of IPs that can be used. In this case it might be best to block a range of IPs, i.e. 91.200.14.xxx or even more.
A 24 hour lockout seems extreme if someone legit did something like have their Caps on by mistake.
There are other things you can do in addition to repeat FAIL attempts. Various forms of CAPTCHA for example. Personally, I think the most effective is to block anonymous proxies.
I didn’t check TB’s perishablepress link but it looks like a “honey pot” to take bad requests into a “sandbox” where they can try an infinite set of links and remain in the “sandbox” (away from your admin files). There are “honey pots” which have been around for some time (i.e., Google to find one which suits you).
I prefer TB’s method of adding a deny line in the .htaccess and have done that in an automated fashion on one website. Anyone entering what looks like a good directory (like WP’s admin - assuming that you’ve renamed the actual admin directory according to the installation directions) where ANY attempt to access the directory will cause the IP address to be captured and added to the DocumentRoot’s .htaccess (in another line in the allow,deny block as shown above).
Before going to any extreme like that, though, be SURE that you’re using a horridly complex (http://strongpasswordgenerator.com) password for every account with access to the WP manager (as well as your WHM/cPanel and FTP - telnet, too, if you allow it to be used despite all recommendations I’ve seen).
If you’re worried about someone having gotten in, search SitePoint for my article on a daily CRON comparing file hash values. Because they should NEVER change (unless you’ve patched/updated WP), any change or addition will highlight a probable malware addition to your code (meaning that you’ve got to check your database for additional ADMIN users AND DELETE all executable files – at least all .html, .js and .php files – THEN upload the ones from your MASTER set to restore your website quickly).
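The daily file-hash comparison mentioned in the post above, as an added example (not the SitePoint article's code, which is not reproduced on this page). The watched extensions, the JSON manifest format and all function names are assumptions made for illustration.

```python
import hashlib
import json
import os
import sys

# Assumption: executable/served file types worth watching; .htaccess is added to the post's list.
WATCHED = (".php", ".js", ".html", ".htaccess")

def hash_file(path):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root):
    """Map each watched file (path relative to root) to its hash."""
    manifest = {}
    for directory, _subdirs, files in os.walk(root):
        for name in files:
            if name.endswith(WATCHED):
                path = os.path.join(directory, name)
                manifest[os.path.relpath(path, root)] = hash_file(path)
    return manifest

def compare_manifests(baseline, current):
    """Report files added, removed or modified since the baseline."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }

if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: check.py <document_root> <baseline.json>")
    root, baseline_path = sys.argv[1:]
    current = build_manifest(root)
    if not os.path.exists(baseline_path):  # first run: record the known-good state
        with open(baseline_path, "w") as out:
            json.dump(current, out, indent=1)
        sys.exit(0)
    with open(baseline_path) as saved:
        report = compare_manifests(json.load(saved), current)
    for kind, paths in report.items():
        for path in paths:
            print(f"{kind}: {path}")
    sys.exit(1 if any(report.values()) else 0)  # non-zero exit lets cron mail the output
```

Keep the baseline file outside the document root and not writable by the web server user, and regenerate it only after a deliberate WP patch or update.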
Personally I quit caring about this – we just use SSL and 2 factor auth. People are always going to bang on the door, especially well known public facing doors or architecturally flawed open source CMS products typically configured by amateurs.
I added my code above the beginning # sign.
order allow, deny
deny from ##.###.###.###.
allow from ##.###.###.###.
As soon as I transferred it to WP, the site errored out.
Am I doing this wrong? I’m a bit leery of messing with the original code from WP in this touchy file.
thank you
D
A follow-up on the bit below. So it is only one .htaccess per directory. I am using WP. Where should I put the new .htaccess with the deny/allow IP info?
[previous]Follow-up on this. I was told you could stack .htaccess, more than one. I went to add a new one to my WP and am not given that option; it looks like it wants rename and/or overwrite…
How do I go about doing this please? [/previous]
thx
D
is that each folder can have its own. eg.
the top level directory contains directives for all files and folders in it
a sub-level folder can have additional rules that apply only to the files and folders inside it. etc.