Recently I had someone write to me that they think their website was hacked and wanted my help to find out if it was indeed hacked. I spent a few minutes checking Majestic and I saw a fair amount of anchors that had “nike” and other undesirable kw’s in them. I looked a little more and was able to identify that they had created additional pages and were using this persons money site as their own PBN.
As anyone that does internet marketing knows, the easiest way to destroy a good website is to start promoting crap unrelated to your niche, and build a ton of junk backlinks to your site. This guy has a good amount of work ahead of him because he not only needs to remove the added pages, but he has a lot of work ahead of him disavowing the junk links that were built. Worst is these links may continue to be built to his site even with the pages deleted as the hackers may not be aware their pages are removed.
I asked this website owner what they did to secure their site. “Nothing” was the reply. So my question to the people that read this is, how secure is your website? Do you even know? If you are not using some form of security plugin on your website, or doing something else to keep your site secure, you have no idea if you are the target of hackers, or if your site is even hacked until it’s too late.
I decided to set up a honeypot site I had up before. Its a PR 3 site that seemed to attract a decent amount of attention when I had it up before. I have the domain secured through some methods done on the server plus a plugin named Better WP Security (the name has been changed in the last few months to iThemes Security, but its mostly the same thing just updated and with a name change). What happened next floored even me.
First off, today was the 2nd day the site has been back online in some time. Last night was when the trouble first started, but it was minor. I’ll get into exactly what it was in a second. The site is set up to email me every time someone is locked out. What this means is, every time someone attempts to log in and fails to enter the correct login information 2 times they are locked out based on their IP address. The default to lockout is 3 times, but given I know the login to every user on the domain, I dropped it for extra security. The lockout time is for 15 minutes after they fail twice.
Also, because of the security program the login location was changed from www.domain.com/wp-login.php to www.domain.com/admin-login/. So this means that they’re not just casually trying to get in, they’re scraping pages of my site to try to find the login page, and entering in bad information. So again last night was the first attempts to access my site. There were 3 attempts yesterday.
Today it picked up a bit. To show you just how much they wanted in my site, take a look at the number of emails my site sent me over a 20 minute period earlier today. 67 emails is what I had received in 20 minutes. So far at the time of writing this post I’ve had 192 hack attempts on my site. This 192 only counts the ones where they’ve tried to actually log in. Once they are locked out a 2nd time, the site also bans the IP of the attacker.
So it is entirely possible that they’re trying to gain access still, but that the IP they are using can no longer access the site to try. This is a good thing because you really do not want to keep letting these people try to access your site. Even if you chance the user name from admin to something else, and have a good password, if you let them keep trying to log in, eventually they will.
So… how many login attempts have hackers made on your site today? Is your username still admin? Is the login to your site at the default page so ANY unskilled hacker can find it and try to log on? Do you have a way to limit the amount of login attempts people can make before being locked out?
If you don’t, and you don’t know how to install and maintain the security plugin maybe you want to contact me to set it up for you. The amount of work it can save you in the long run can amount to a few dozen hours, or thousands of dollars *(depending on how much your site is worth and how much there is to repair if you hire someone like me to fix it for you later). If you want to know your site is safe, and not just hope for the best, hire me, or read one of my tutorials on how to install and set this software up for yourself. It is the only way that you can greatly minimize the chance of having your site hacked.
In addition to this plugin, which records the banned IP’s there are other things you can do to proactively. Keep in mind that you will want to back everything up on your site before doing any of these changes, but especially before you edit your .htaccess file. If you have a local site that will only be getting traffic from the Chicago area, you can block IP addresses from outside of the US.
There really is no reason to let people or crawlers from Russia or China (the 2 countries with the people most likely to hack your site) on your site. Again you can make edits with .htaccess or you can do this with Spyder Spanker. Spyder Spanker is easier, especially if you’ve never edited the .htaccess file, but it is slightly slower. Either way you go, this will greatly secure your site. Doing this with the above security program iThemes Security should be the absolute minimum you do to protect your site. The combo of the 2 should secure your site from all but the most dedicated hackers. Try not to piss off someone to get them to that last stage 😉
Again if security is something your site is missing I’m happy to help you secure your site. Hit me up with the contact form on the contact page. Good luck, and stay secure!