Hi there folks!
I’m back with yet another update that is crucial to all wordpress based websites. Whether you are a client of ours or an independant WordPress user the following information could save you a lot of time and frustration from outside influences and attacks on your WordPress website.
In a nutshell a DDoS attack is someone trying to Access or Brute Force the ‘admin’ or ‘administrator’ login of your wordpress website in attempts guess or access your Admin logins again and again repetitively causing memory overloads on the Hosting servers……Stupid Monkeys!
Basically this ‘Denial of Service‘ (DDos) occurs when your hosting server is being bombarded with attacks from evil little monkeys with too much time on their hands. Eventually your webhost will turn off or suspend your hosted website account due to the lack of memory that is left or allocated to your server after or even during such an attack.
They do this because the memory and resources that are drained by a DDoS attack makes it difficult for any other websites that are on the same server to run accordingly – i.e. No memory left to run them.
The hosting server would rather turn off the affected/attacked website than all hosted websites, so although the responsibility of ensuring and or prevention of these attacks may seem to be the hosting server’s responsibility, in actual fact the Hosting company will only take responsibility for Server Side attacks (any attacks that are directed to their server) and not individual attacks on a particular website and in this case yours.
However, although it would seem at first glance a little unfair from your point of view for the Hosting companies to take this point of view it is in fact your responsibility to further guard your website against such attacks. However, we at Unique Web Marketers are going one step further and taking steps to help you and get you well on your way to a safer online experience.
But, not to fear, we do have a FREE DDoS attack WordPress solution for those looking to lessen these attacks and stop these pesky Primates in their tracks.
Provided you have a basic understanding on how to install plugins on your WordPress instance/website we would strongly advise installing the following plugins:
(all related information taken from actual Plugins’ pages)
- Block Bad Queries (BBQ)
Block Bad Queries (BBQ) is a simple script that protects your website against malicious URL requests.
BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like eval(, base64_, and excessively long request-strings.
This is a simple yet solid solution that works great for sites where .htaccess is not available.
The BBQ script is available as a plugin for WordPress or standalone script for any PHP-powered website.
- Limit Login Attempts
By default, WordPress allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease. Limit Login Attempts blocks an Internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible
- ThreeWP Activity Monitor
This plugin displays a multitude of user actions to keep the site administrator informed that all is well and that the blog or network is not being abused. Displays:
- Logins (successful and failed)
- Retrieved and reset passwords
- Posts/pages created, updated, trashed, untrashed and deleted
- Comments approved, trashed, spammed, unspammed, trashed, untrashed and deleted
- Changed passwords
- Changed user info
- User registrations
- User deletions
- Custom activities from other plugins
Keeps track of latest login times and displays a column in the user overview(s).
Since this plugin allows you to monitor all activity sitewide, it will be very easy to quickly locate spam blogs and their activities.
- Wordfence Security
Wordfence starts by checking if your site is already infected. It involves a deep server-side scan of your source code comparing it to the Official WordPress repository for core, themes and plugins. Then Wordfence secures your site and makes it up to 50 times faster.
Wordfence Security is 100% free. They also offer a Premium API key that gives you access to their premium support ticketing system at support.wordfence.com along with two factor authentication via SMS, country blocking and the ability to schedule scans for specific times.
The following video is an introduction to Falcon Engine, the new caching engine included in Wordfence 5 which will make your site up to 50 times faster than a standard WordPress installation
For more detailed information on setting these up simply give us a CALL or Contact Us and we can help you where we can.
(For all Hosted Clients with Unique Web Marketers, we are currently setting up and uploading these plugins on your behalf – we got you covered. We have also, for yours as well as our piece of mind, set these up so that we get email notifications on any suspicious activity that takes place on your hosted WordPress websites with us)