Main Area and Open Discussion > General Software Discussion
Wordpress and Hackers
rgdot:
What Tuxman said is true.
It is a target because of its wide use, already mentioned stuff for example there are tools that change wp-login to something else, limit login attempts, disallow php execution in some directories. All will help but it will never be 100%, of course.
app103:
...Maybe even add an automated redirector that sent anyone with more than 10 failed login attempts in a minute to the FBI's home page...
-Stoic Joker (August 21, 2014, 05:47 PM)
--- End quote ---
Are you kidding? I don't allow any more than 2 failed attempts in an hour before I block the IP.
By the way, anyone wanting their Wordpress site secured the right way and don't really have a clue how to do it, contact me to discuss it.
It will take me about 3-5 hours of work, total time. I'll give you more and charge you less than anyone else on the internet.
My website isn't quite finished (still needs FAQ & About page), but I have hung up my shingle for it, complete with testimonials from some familiar faces. :)
Stoic Joker:
...Maybe even add an automated redirector that sent anyone with more than 10 failed login attempts in a minute to the FBI's home page...
-Stoic Joker (August 21, 2014, 05:47 PM)
--- End quote ---
Are you kidding? I don't allow any more than 2 failed attempts in an hour before I block the IP.-app103 (August 23, 2014, 06:02 PM)
--- End quote ---
No - for an environment that is actually user friendly - I'm not. The average user that forgot their password will typically try between 3 and 5 passwords a minute. The typical automated attack will try between 2 and 5 times a second. So yes, erring on the side of caution so as not to risk piss of customers/clients/visitors ... I'd say 10 tries in a minute ensures their is indeed some funny business going on.
rgdot:
Are you kidding? I don't allow any more than 2 failed attempts in an hour before I block the IP.
By the way, anyone wanting their Wordpress site secured the right way and don't really have a clue how to do it, contact me to discuss it.
It will take me about 3-5 hours of work, total time. I'll give you more and charge you less than anyone else on the internet.
My website isn't quite finished (still needs FAQ & About page), but I have hung up my shingle for it, complete with testimonials from some familiar faces. :)
-app103 (August 23, 2014, 06:02 PM)
--- End quote ---
Didn't know about this, very cool app :)
SpoilerExpect tweets and stuff about it :D
app103:
Didn't know about this, very cool app :)
-rgdot (August 23, 2014, 06:23 PM)
--- End quote ---
Thank you. :)
It was a spinoff from an idea that mouser had, that didn't quite get off the ground, where I was going to team up with another DC member, to offer managed hosting of secured Wordpress sites. They would have handled all the server/hosting related stuff and I would have handled all the Wordpress setup and maintenance stuff, among other things.
Since it didn't pan out as expected, I decided to take my part of it and offer it to the public, without the hosting portion. I kind of put it all on the back burner shortly after setting up that site, when I landed a fantastic long term freelance job that takes up a large chunk of my free time. (so don't promote it too heavily, please)
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version