Posted on Leave a comment

WordFence is the BOMB

Someone on Twitter mentioned that they loved the WordFence plugin a few weeks ago (I think it was @mharvey) and I installed it.  I haven’t been hit with attempted hackers lately TO MY KNOWLEDGE but that hack years ago when my site was hosted on yahoo was one of my most horrible memories.  I almost deleted the whole thing and said f*ck it.

Last night I was trying to do dinner and my gmail box was flooded constantly with WordFence notifications.  400+ between when I left work to pick up the kids and got home.  By 8:00pm I easily deleted 600+ notifications.  I went into WordFence and tweaked a few of the settings to further limit access (these were all invalid login attempts with user accounts that didn’t exist), and the emails dwindled to a trickle.

But the plugin is blocking those IPs for me automatically.

Of course WordPress itself never told me I had a problem.  I have a different iThemes Security plugin installed and not a peep from it either.

So a few words of advice:

  1. Never use the generic user ids like Administrator or admin or your site’s domain name.  Those were the top 3 attempts to hack my site.
  2. Get WordFence posthaste.  I don’t even have the paid version – though as good as this was, I’m very tempted now and will look into the benefits.
Leave a Reply

Your email address will not be published.