Running a website can be quite a learning experience. It’s fun to be able to create a site and post things. Programs like WordPress make the process pretty easy compared to the days when you had to code HTML by hand, long before things like CSS and PHP were common. Security is a big issue nowadays though because people make lots of money from banner ads and such and sometimes use unscrupulous methods to get money. One such way is to attempt to hack into sites to make their own page to put the ads and malware on.
A friend of mine seems to have had her e-mail password compromised recently and a spammer sent a link to a site to everyone in her contact list, including me. I suggested she change her password and so far I haven’t received any further spam e-mails.
My site had over 1000 hits from 220.127.116.11 which seems to be in the Netherlands. I’m guessing this person was attempting to find the username and password combination to log into this site to post a page for their own use. Seeing that made me look for a WordPress security plugin to help prevent further attempts.
A post at http://oddblogger.com/best-wordpress-security-plugin/ reviewed Better WP Security and it seemed like a good one to try so I went ahead and installed it. It’s feature packed and while I don’t understand a lot of what it does, one of the features I particularly like is the ability to limit the number of login attempts. It can be configured to whatever number of tries you want within whatever time period you want and can even permanently ban someone after the number of lockouts that you specify. In other words, it’s highly configurable.
The ip ban, or blacklist, is also helpful to me to help prevent some comment spam. The plugin Block Spam By Math Reloaded goes a long way to prevent a lot of it but one particular spammer seems to periodically leave messages anyway. I added the ip address that the person (or bot) was using to the blacklist so now they’ll just get a 403 error instead of my webpage.
Better WP Security has many other features and I recommend checking it out as well as the post on oddblogger’s site if you want to easily make your WordPress installation more secure.