Someone on Twitter mentioned that they loved the WordFence plugin a few weeks ago (I think it was @mharvey) and I installed it. I haven’t been hit with attempted hackers lately TO MY KNOWLEDGE but that hack years ago when my site was hosted on yahoo was one of my most horrible memories. I almost deleted the whole thing and said f*ck it.
Last night I was trying to do dinner and my gmail box was flooded constantly with WordFence notifications. 400+ between when I left work to pick up the kids and got home. By 8:00pm I easily deleted 600+ notifications. I went into WordFence and tweaked a few of the settings to further limit access (these were all invalid login attempts with user accounts that didn’t exist), and the emails dwindled to a trickle.
But the plugin is blocking those IPs for me automatically.
Of course WordPress itself never told me I had a problem. I have a different iThemes Security plugin installed and not a peep from it either.
So a few words of advice:
- Never use the generic user ids like Administrator or admin or your site’s domain name. Those were the top 3 attempts to hack my site.
- Get WordFence posthaste. I don’t even have the paid version – though as good as this was, I’m very tempted now and will look into the benefits.