Few days ago I posted about some of the must have WordPress Plugins that really make my blogging easier and today I’d like to talk more about 2 of them, which I came to really love and appreciate: Redirection and IP Blacklist Cloud.
I started using Redirection to solve some of my many 404s. While the blog is still pretty young (and not with too much content), I did some extensive category re-organization and writing my redirects in .htaccess is a tad cumbersome. Not to mention that, as soon as I changed All in One SEO Pack with Yoast SEO, my .htaccess got re-written. Yes, my hard redirection work was gone.
I dislike the idea of having too many plugins installed (any time you have too much ‘junk’ it can crash the site or get into conflicts with other plugins), but in this case I was ready to make an exception, so that I can at least make my work easier and handle my error pages.
As you can imagine, in few hours I already got a lot of errors, so I started redirecting the categories that are no longer viable to the ones I am currently using.
And then I noticed that the plugin is showing me something more, something more disturbing: my site is accessed from some pretty ‘exotic’ locations and such ‘users’ (since not all are actually real users) are trying to get to some pages they clearly shouldn’t: admin.php (not that it exists), phpmyadmin etc. Wait for a minute … who’s got anything to deal with my admin pages and trying to mess up with the database?
Even today, as I look at my 404 list, I can see attempts to get to a join.php page (which we don’t have, we don’t register members here), Register.aspx and similar locations that no regular visitor/reader should want to access. These are clearly attempts to spam or harm the blog and I don’t see any reason to entertain them.
A great feature is that I can see the IP and the location. I can even have the plugin show me all the attempts from a certain IP, which makes banning the IP and then cleaning the log a lot easier. I usually select the “Show only this IP” feature, ban the IP and then delete the logs. I re-load the 404s page and see the remaining IPs with the attempts.
When it came to banning the IPs, I chose IP Blacklist Cloud, which doesn’t only help me ban the offending IPs, but it tracks down the failed login attempts (you’d be shocked to see how many people try to break into your admin account) and it also runs a worldwide database where you can see the biggest ‘troublemakers’ and ban them, before they can harm your blog.
Both these plugins helped me see all the hidden ‘attacks’ that are performed on my blog on a daily basis, which I never thought happened, and block the offenders from the site. Why have them use up my bandwidth and server resources to try spam or attack my site, when they’re clearly NOT interested in my content or whatever I have to offer here?
My daily routine now includes looking at my redirection stats (both the 404 pages and the logs) and then banning the IPs from China, Ukraine or the Russian Federation, which give the majority of my headaches.
Other safety tips:
- ALWAYS have backups (even if for the database only)
- NEVER use short and easy passwords (most of the login attempts are for admin, password, 123456 etc.)
- NEVER use admin as your username. If you have registered the initial account like this, go into the phpmyadmin and change the name of the user. Backup the database first and read how to best do it, so that you don’t mess up your blog.
- Don’t allow admin access on your blog unless really needed and for a limited time. Make sure the other admin uses hard to guess passwords, too.
- Always keep your computer’s anti-virus and anti-malware software up to date and run periodical scans.
Having been hacked a time or two I’ve learned the hard way about security. The best tip that you have is not using “admin” as a username. I have also installed Limit Login Attempts and then I whitelisted my IP addresses and then I also installed Stealth Login Page. I see that there are HUNDREDS of attempts every week to crack into my site. I change my password every few months using combinations of letters and numbers that make no sense to even me!
I wouldn’t say that my site is hack-proof but the harder I can make it for someone to get in and install malicious script the better.
Making it harder to crack into and having backups are the solutions. No site is safe 100%, but at least we should make it more difficult to attack them ๐
Thanks Ramona, these are good tips. I am going to check out these plugins. I don’t do enough with security and backup with my site, but I need to do a better job at this.
Let me know if they work for you. Am curious to see how useful they prove
I am all admiration! And envious. ๐ I wish I am as “techie”. These are things I don’t understand and where these are concerned, I live it all up to my son and he would often complain about my lack of interest in trying to learn technical stuff. And I’d go, “What for when you’re there?”, and he’d roll his eyes on me.
He he, it’s not that difficult. Managing your site on a daily basis will slowly teach you more stuff. Imagine I started in 2002 and didn’t even know how to upload a file. I had to learn it all from scratch and it wasn’t that easy, but it was clearly possible ๐
Pretty scary stuff, actually – I will give these plugins a try. It’s better to be safe than sorry. As for the database backup, there’s also a plugin that I use which can be set to send you daily/weekly etc database backup over to your e-mail or wherever you want to have it.
Yeah, that’s a really useful plugin. I think I’ll give it a try, too, it automates the backups and you don’t forget/worry about them anymore.