Wordpress
- Thread starter Sangoma
- Start date
THIRTYFIVEMILL
Suspended / Banned
- Messages
- 4,911
- Name
- Duncan
- Edit My Images
- No
Yes, be sure to run Wordfence and Askimet as a minimum.
OP
Sangoma
Suspended / Banned
- Messages
- 2,951
- Name
- Steve, Coventry, England
- Edit My Images
- Yes
I am using Wordfence, Antispam Bee (on the one site where non-logged in users are able to comment) and Limit Login Attempts Reloaded where I have set it to lockout after 1 failed attempt for the maximum numbers of hours and days, (except on one site where I have a forum, where I am a little more generous 
) with one safe IP so that I don't lock us out! (not the IP I use daily)
I have also found that subdomains ( here.[domain].uk ) have a small fraction of login attempts compared to root domains
Also, found having TLS (SSL) makes no noticeable difference to login attempts. (not that it would really, but many people think it should)
I really don't think it is significantly less secure that any other system, just that it installs without the needed security measures, and people don't know about them so more Wordpress sites get hacked compared to other similar ones, plus of course the huge number of sites that use it.
) with one safe IP so that I don't lock us out! (not the IP I use daily)I have also found that subdomains ( here.[domain].uk ) have a small fraction of login attempts compared to root domains
Also, found having TLS (SSL) makes no noticeable difference to login attempts. (not that it would really, but many people think it should)
I really don't think it is significantly less secure that any other system, just that it installs without the needed security measures, and people don't know about them so more Wordpress sites get hacked compared to other similar ones, plus of course the huge number of sites that use it.
OP
Sangoma
Suspended / Banned
- Messages
- 2,951
- Name
- Steve, Coventry, England
- Edit My Images
- Yes
Yes, one of the first things to do especially as it allows you to see if there are any problems that allow them to get the admin usernameAlso change the login from 'Admin' to something else if you haven't already done so.
D
Deleted member 95430
Guest
TLS i dont think would reduce login attempts just make them more secure. All bots scanning all the ports constantly. I left ssh port open to the web once and it got absolutely hammered.
Id only host now on a virtual server now such as digital ocean cos its cheap and never have to expose my home network
interested in building a wordpress site on the cheap instead of paying square space too much cash
Id only host now on a virtual server now such as digital ocean cos its cheap and never have to expose my home network
interested in building a wordpress site on the cheap instead of paying square space too much cash
OP
Sangoma
Suspended / Banned
- Messages
- 2,951
- Name
- Steve, Coventry, England
- Edit My Images
- Yes
I pay £10 a month and have a lot of websites, unlimited traffic, unlimited emails, one click installations for many types of site, domains are reasonable, unlimited subdomains.
I tried a server at home in 2002, and soon decided it was not such a good idea