- This topic has 4 replies, 4 voices, and was last updated 5 years, 6 months ago by Tom.
May 13, 2016 at 6:03 am #194019Todd
Hi Tom, a site I have for a client http://turkscollisionrepair.com is being attacked presumably by bots almost everyday, with dozens of failed login attempts from various IP addresses.
I was wondering if Generatepress has security features that would help prevent bots and hackers from trying to gain access to site, such as renaming the login page or and/or adding captcha.
What I’ve done so far is completely disable comment capability, limit login attempts to 1, as well as implement a Plug-In named Loginizer Brute Force. The plug in seems to help, however everyday I have to manually input all the IP addresses from failed login attempts, into the black list to hopefully lock them out the next time around.
Thanks!May 13, 2016 at 10:32 am #194073TomLead DeveloperLead Developer
A plugin like this might be worth trying out: https://en-ca.wordpress.org/plugins/wordfence/
Stuff like this can be tricky – I still don’t know why some people get hit and others don’t. It could have to do with the server itself.May 13, 2016 at 4:11 pm #194131David
Just adding my 2c, that Toms suggestion of WordFence is spot on!
And it’s not the themes responsibility to provide security.
There are some plugin s to change the wp-admin URL for logging in, but some mess up WordFence.
Read up on some articles that cover WordPress security, there are many!
HTH, DaveMay 14, 2016 at 8:35 am #194234bdbrown
everyday I have to manually input all the IP addresses from failed login attempts, into the black list to hopefully lock them out the next time around.
Personally I think you should spend your time elsewhere. The IP addresses change so frequently you’ll never be able to keep the list up to date. Concentrate on putting up the best perimeter defense you can. Wordfence has been suggested. That’s one of many options available. You could also check with your host to see if they can implement ModSecurity. It’s definitely a challenge to reach that balance of keeping the bad guys out but still allowing adequate access for your users.May 14, 2016 at 9:11 am #194243
- You must be logged in to reply to this topic.