Basically, the attempts launched by these leeches come in various forms. Across the 5 troubled sites, below are some of the security issues that occurred:
- MySQL data attempts
- Forced login and password attempts
- The Blackhole exploiter
- Phishing attacks with live backlinks to a bank account (thanks, Google, for warning about the attempt)
- And much, much more.
Most of these attempts come from unknown places throughout Europe, India and Australia, to name a few. Some of the IP addresses are undetectable, and most of them have unknown whois records. Wow, it's like a tag-team effort just to find ways into a mini site providing contracting services (my client's websites, of course).
It keeps me thinking: if this happens to unknown sites like ours (note these sites have not been optimized), what will these 'hustlers' do with heavy-traffic sites or even SSL-secured sites? Although Google will definitely warn you in advance if these situations occur (we highly appreciate the warning, guys), what other options are there to make your WordPress websites secure? After a few discussions and a lot of reading, we settled on the preferred options for your future security plug-ins.
WordPress Plugins for Security
Plug-ins are your first line of defence in securing your WordPress websites, especially against script-based hacking attempts. With plug-ins, any human-based attack on your website becomes extremely difficult, which in turn secures your files. The more difficult it is to access your files, the more likely it is that attackers will pass by and move on to look for loopholes on other websites. Like any other working people, for hackers, time is money too.
In the market for WordPress websites, there are a handful of security plug-ins, especially for script-based sites, which will protect your website from malicious attacks. Each of these plug-ins has different methods of operation and use. Which one is suitable depends on your server/hosting environment, but for the most part these plug-ins will work just fine. From my experience, some plug-ins will not work unless a certain PHP script element is installed and configured on your web server. Below is the list of plug-ins with which I have direct and extensive personal experience:
Among the features which some of these security plug-ins offer are:
- Automated alert on critical problems
- Initial warnings
- Blocked IP address alert
- Alert when someone is locked out
- Alert when the "lost password" form is used
- Alert when someone with admin access signs in
- Alert when a non-admin user tries to sign in
Other important security aspects which you might include in your search for website security features are:
- Automated scheduled scans
- Scan core files against repository versions for changes
- Scan for signatures of known malicious files
- Scan file contents for back doors, trojans and suspicious code
- Scan posts for dangerous URLs and suspicious content
- Scan comments for dangerous URLs and suspicious content
- Scan for out-of-date plug-ins, themes and WordPress versions
- Password strength check
- Monitor disk space
- Unauthorized DNS changes
- Scanning files outside your WordPress installation
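To show what "scan core files against repository versions for changes" means in practice, here is an added example (not code from any plug-in mentioned on this page). It assumes you have a trusted manifest mapping each core file path to its MD5 digest; the function names and the miniature install in `demo()` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Directories assumed to hold only files shipped with WordPress core.
CORE_ONLY_DIRS = ("wp-admin", "wp-includes")

def md5_of(path):
    """Hash a file in chunks so large files are never loaded whole."""
    digest = hashlib.md5()  # assumption: the trusted manifest holds MD5 hex digests
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def scan_core(root, manifest):
    """Compare an install against {relative_path: md5} from a trusted manifest."""
    root = Path(root)
    report = {"modified": [], "missing": [], "unexpected": []}
    for rel, expected in sorted(manifest.items()):
        target = root / rel
        if not target.is_file():
            report["missing"].append(rel)
        elif md5_of(target) != expected:
            report["modified"].append(rel)
    # A file inside a core-only directory that the manifest does not list
    # was not shipped with core and deserves a manual look.
    for top in CORE_ONLY_DIRS:
        if (root / top).is_dir():
            for path in sorted((root / top).rglob("*")):
                rel = path.relative_to(root).as_posix()
                if path.is_file() and rel not in manifest:
                    report["unexpected"].append(rel)
    return report

def demo():
    """Build a constructed miniature install, change it, and scan it."""
    clean = {"index.php": b"<?php // front controller\n",
             "wp-includes/version.php": b"<?php $wp_version = 'X.Y';\n",
             "wp-admin/admin.php": b"<?php // admin bootstrap\n"}
    manifest = {rel: hashlib.md5(data).hexdigest() for rel, data in clean.items()}
    with tempfile.TemporaryDirectory() as tmp:
        for rel, data in clean.items():
            (Path(tmp) / rel).parent.mkdir(parents=True, exist_ok=True)
            (Path(tmp) / rel).write_bytes(data)
        (Path(tmp) / "index.php").write_bytes(b"<?php // altered\n")
        (Path(tmp) / "wp-admin/admin.php").unlink()
        (Path(tmp) / "wp-includes/cache-x.php").write_bytes(b"<?php // not in core\n")
        return scan_core(tmp, manifest)

if __name__ == "__main__":
    print(demo())
```

The three report buckets map to different follow-ups: restore modified and missing files from a clean copy, and inspect unexpected files before deleting them.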
These are just the basic features to look for in your security plug-ins. Apart from the many features above, there are more add-ons and updates to enhance the plug-in capabilities. At the least, this could be a good start for your future checklist when finding the right security plug-in for your WordPress websites and preventing future attacks.