A few days ago I posted about some of the must-have WordPress plugins that really make my blogging easier, and today I’d like to talk more about 2 of them, which I came to really love and appreciate: Redirection and IP Blacklist Cloud.
I started using Redirection to solve some of my many 404s. While the blog is still pretty young (and not with too much content), I did some extensive category re-organization, and writing my redirects in .htaccess is a tad cumbersome. Not to mention that, as soon as I replaced All in One SEO Pack with Yoast SEO, my .htaccess got re-written. Yes, my hard redirection work was gone.
I dislike the idea of having too many plugins installed (any time you have too much ‘junk’ it can crash the site or get into conflicts with other plugins), but in this case I was ready to make an exception, so that I can at least make my work easier and handle my error pages.
As you can imagine, in a few hours I already got a lot of errors, so I started redirecting the categories that are no longer viable to the ones I am currently using.
And then I noticed that the plugin was showing me something more, something more disturbing: my site is accessed from some pretty ‘exotic’ locations, and such ‘users’ (since not all are actually real users) are trying to get to some pages they clearly shouldn’t: admin.php (not that it exists), phpmyadmin etc. Wait a minute … who has any business with my admin pages, trying to mess with the database?
Even today, as I look at my 404 list, I can see attempts to get to a join.php page (which we don’t have, we don’t register members here), Register.aspx and similar locations that no regular visitor/reader should want to access. These are clearly attempts to spam or harm the blog and I don’t see any reason to entertain them.
A great feature is that I can see the IP and the location. I can even have the plugin show me all the attempts from a certain IP, which makes banning the IP and then cleaning the log a lot easier. I usually select the “Show only this IP” feature, ban the IP and then delete the logs. I re-load the 404s page and see the remaining IPs with the attempts.
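The same triage can be run straight from the web server's access log. The sketch below is an added example, not code from Redirection or IP Blacklist Cloud: it assumes an Apache/Nginx "combined" log format, uses a constructed sample log, and the names `triage`, `PROBE` and `SAMPLE_LOG` are hypothetical. It separates 404s that need a redirect from 404s on the probe paths mentioned above, grouped per IP.

```python
import re
from collections import Counter, defaultdict

# Paths the post names as ones no regular reader requests (case-insensitive).
PROBE = re.compile(r"/(admin\.php|phpmyadmin|join\.php|register\.aspx)(/|\?|$)", re.I)

# Assumed "combined" log format: client IP, timestamp, request line, status code.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+)[^"]*" (\d{3}) ')

# Constructed sample log using documentation-range IPs, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2014:06:01:10 +0000] "GET /admin.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2014:06:01:11 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2014:06:01:12 +0000] "POST /join.php HTTP/1.1" 404 512 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Mar/2014:07:15:02 +0000] "GET /category/old-tips/ HTTP/1.1" 404 870 "-" "Mozilla/5.0"
198.51.100.80 - - [12/Mar/2014:07:40:55 +0000] "GET /category/old-tips/ HTTP/1.1" 404 870 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2014:08:02:31 +0000] "GET /Register.aspx HTTP/1.1" 404 512 "-" "Mozilla/5.0"
192.0.2.44 - - [12/Mar/2014:08:02:40 +0000] "GET /about/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
"""

def triage(log_text, min_probes=1):
    """Split 404s into (suspects, broken_links).

    suspects:     {ip: sorted distinct probe paths} for IPs that requested at
                  least min_probes distinct probe paths (ban candidates).
    broken_links: {path: hit count} for every other 404 (redirect candidates).
    """
    probes = defaultdict(set)
    broken = Counter()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m or m.group(3) != "404":
            continue  # skip malformed lines and anything that is not a 404
        ip, path, _status = m.groups()
        if PROBE.search(path):
            probes[ip].add(path)
        else:
            broken[path] += 1
    suspects = {ip: sorted(p) for ip, p in probes.items() if len(p) >= min_probes}
    return suspects, dict(broken)

if __name__ == "__main__":
    suspects, broken_links = triage(SAMPLE_LOG)
    for ip, paths in suspects.items():
        print("ban candidate:", ip, paths)
    for path, count in broken_links.items():
        print("redirect candidate:", path, count)
```

Raising `min_probes` to 2 keeps only IPs that tried several different probe paths, which lowers the chance of banning a reader who followed one stale link.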
When it came to banning the IPs, I chose IP Blacklist Cloud, which not only helps me ban the offending IPs, but also tracks the failed login attempts (you’d be shocked to see how many people try to break into your admin account) and runs a worldwide database where you can see the biggest ‘troublemakers’ and ban them before they can harm your blog.
Both these plugins helped me see all the hidden ‘attacks’ that are performed on my blog on a daily basis, which I never thought happened, and block the offenders from the site. Why have them use up my bandwidth and server resources to try to spam or attack my site, when they’re clearly NOT interested in my content or whatever I have to offer here?
My daily routine now includes looking at my redirection stats (both the 404 pages and the logs) and then banning the IPs from China, Ukraine or the Russian Federation, which give the majority of my headaches.
Other safety tips:
- ALWAYS have backups (even if for the database only)
- NEVER use short and easy passwords (most of the login attempts are for admin, password, 123456 etc.)
- NEVER use admin as your username. If you registered the initial account like this, go into phpMyAdmin and change the name of the user. Back up the database first and read how to best do it, so that you don’t mess up your blog.
- Don’t allow admin access on your blog unless really needed, and only for a limited time. Make sure the other admin uses hard-to-guess passwords, too.
- Always keep your computer’s anti-virus and anti-malware software up to date and run periodic scans.