  1. #1
    Progger is offline Public Member

    Must Have Wordpress Plugins?

    Hello,

    Hours ago I set up a fresh WP, and noticed the first brute-force attack.

    Please tell me some "must have" Plugins for Affiliates!

  2. #2
    universal4 is offline Forum Administrator

    WP Cerber

    Handles turning on or off RPC control if you choose and a LOT of brute force control right out of the box.

    Handles redirecting the log in and much much more.

    You can have it notify you every time a brute force attempt is made or turn that off, it logs the ip/subnets making the attempts.

    I have tried many others, but I install this one first on all new WP Installs now.

    Rick
    Universal4

  3. #3
    Progger is offline Public Member

    htaccess and IP-range, server-side, are maybe better than all these plugins.

    But let's move on, best SEO plugin? Yoast?

  4. #4
    universal4 is offline Forum Administrator

    Yes, could be in your situation that works best for you, but many users need a more simple way.

    I am not sure how much monitoring you are doing on the logs, but you might wanna try WP Cerber to capture the brute force IPs for you. You could set it to not block, or allow the block and remove it later and add the IPs manually yourself. Not sure if it would save you time parsing the logs or not...just a thought...

    We recently had the SEO plugins question asked...last week if I recall. The two most suggested were Yoast and All in One.

    Rick
    Universal4

    side note: I tend to take the worst offenders and add them to the server firewall, which stops them from hitting ANY site not just the ones blocked at site level

  5. #5
    Progger is offline Public Member

    I don't wanna put more plugins on my WP than necessary, because this can end in a hack or a slow page.

    And I have posted my .htaccess in another topic, maybe you can check it - it works for me, but feedback from another person is always helpful.

  6. #6
    DaftDog is offline Private Member

    For security Wordfence premium: https://www.wordfence.com/



  7. #7
    universal4 is offline Forum Administrator

    I agree with Progger on the suggestion to use the fewest plugins possible. I have found that WP Cerber does not eat up a bunch of overhead, and I have run some tests on stock installs of WordPress on an IP where I even left the hello world post to make it appear as a newbie page, and even after the log filled with hundreds of blocked IP subnets after thousands of attacks it did not seem to affect the performance at all...but this is always a concern and we should always be aware to monitor such things, as the wrong plug-in or too many plug-ins can slow a site to a crawl.

    Rick
    Universal4

  8. The Following User Says Thank You to universal4 For This Useful Post:

    Moonlight Cat (23 July 2017)

  9. #8
    allfreechips is offline Private Member

    ModSecurity on Apache filters a ton of traffic just from malformed headers alone. I also tracked clicks on casino reviews on some new sites and noted that most bots will hit 10-15 reviews in seconds, by far not natural behavior, so I can then place them in a deny or better yet redirect their ass into something less desirable. Cloudflare also filters a lot of unwanted traffic, but I think Progger noted in the past about not liking them! The free service is great.

  10. #9
    AussieDave is offline Public Member

    IMO these "Brute Force Attack" or "Security" WP plugins are flawed. Blocking IPs is only good for individual people trying to hack your wp-login. These days, 99% of all unauthorised access attempts, probing etc., is done via bots, which are using botnets. Many, many millions of IPs.

    These WP plugins give people a false sense of security imho. The amount of dangerous bots they allow access for, is disturbing.

    The trick to stop this garbage is to identify varied signals common to these attacks etc. For example: blocking outdated browsers; Firefox 40.0 seems to be a popular identifier used by bots for the last year or so. Also, blocking access from hosting companies, servers etc., and instead only allowing bona fide ISPs access, is another good way to stop the crap gaining access.

    I'm not going to post here my security methods. But feel free to PM me
    ---
    Do the right thing, even when no one is looking. It's called integrity.
    ---

  11. The Following User Says Thank You to AussieDave For This Useful Post:

    -Shay- (23 July 2017)
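
The signals raised in the posts above (login attempts logged per IP and per subnet, bots hitting 10-15 reviews in seconds, the outdated Firefox 40.0 identifier) can be checked against a server access log. The following is an added example, not code from any poster; the Apache combined log format, the `/reviews/` path, the thresholds and the sample lines are all assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Apache "combined" log format; IPv4 only in this sketch.
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" \d+ \S+ "[^"]*" "([^"]*)"')
FIREFOX = re.compile(r"Firefox/(\d+)\.")

def analyse(lines, login_limit=5, burst_pages=10, burst_secs=5, min_firefox=50):
    """Thresholds and the /reviews/ path are assumptions; tune them per site."""
    by_ip, by_net, views, stale = Counter(), Counter(), defaultdict(list), set()
    for m in filter(None, map(LINE.match, lines)):
        ip, ts, method, path, ua = m.groups()
        if method == "POST" and path.startswith("/wp-login.php"):
            by_ip[ip] += 1
            by_net[ip.rsplit(".", 1)[0] + ".0/24"] += 1  # botnets spread over a range
        elif method == "GET" and path.startswith("/reviews/"):
            views[ip].append(datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"))
        fx = FIREFOX.search(ua)
        if fx and int(fx.group(1)) < min_firefox:
            stale.add(ip)  # long-outdated browser claimed in the User-Agent
    bursts = set()
    for ip, times in views.items():
        times.sort()
        # Sliding window: burst_pages review hits within burst_secs seconds.
        for i in range(len(times) - burst_pages + 1):
            if (times[i + burst_pages - 1] - times[i]).total_seconds() <= burst_secs:
                bursts.add(ip)
                break
    return {
        "ips_over_limit": sorted(ip for ip, n in by_ip.items() if n >= login_limit),
        "subnets_over_limit": sorted(net for net, n in by_net.items() if n >= login_limit),
        "burst_crawlers": sorted(bursts),
        "stale_browser": sorted(stale),
    }

def sample_log():
    """Constructed log lines (documentation IP ranges), not real traffic."""
    fmt = '{ip} - - [22/Jul/2017:12:00:{s:02d} +0000] "{req} HTTP/1.1" 200 512 "-" "{ua}"'
    old = "Mozilla/5.0 (Windows NT 6.1; rv:40.0) Gecko/20100101 Firefox/40.0"
    new = "Mozilla/5.0 (Windows NT 10.0; rv:54.0) Gecko/20100101 Firefox/54.0"
    lines = [fmt.format(ip=f"198.51.100.{n}", s=n, req="POST /wp-login.php", ua=old) for n in range(1, 9)]
    lines += [fmt.format(ip="203.0.113.7", s=30 + n // 4, req=f"GET /reviews/casino-{n}", ua=new) for n in range(12)]
    lines.append(fmt.format(ip="192.0.2.44", s=50, req="GET /reviews/casino-1", ua=new))
    return lines

if __name__ == "__main__":
    for name, hits in analyse(sample_log()).items():
        print(name, hits)
```

On the constructed sample, no single address crosses the per-IP login limit, while the /24 count and the User-Agent check both flag the distributed attempts.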

  12. #10
    AussieDave is offline Public Member

    Originally posted by allfreechips:
        "or better yet redirect their ass into something less desirable."

    Problem with that is, spambots or hackbots don't (usually) follow forwarding rules

  13. #11
    Progger is offline Public Member

    Move the wp-admin to another link and use a second login over htaccess.... problem solved.
    ***************************************************************************
    The other problem...content scraping/grabbing. Here I maybe need a plugin.

  14. #12
    sweetbet is offline Private Member

    iQ Block Country - Block visitors from visiting your website and backend website based on which country their IP address is from.

  15. #13
    petimi is offline Public Member

    Jetpack's Security module is also very powerful against bruteforce attacks (works together well with Wordfence too if you want to be super careful).
    Enable "Brute force attack protection" and you can also manage whitelisted IPs manually (whitelist yourself).

  16. #14
    guala is offline New Member

    Apart from all the security plugins listed above, I always download Yoast, WP-Optimize and WP Smush.

  17. #15
    Progger is offline Public Member

    Yoast is a part of my design and 7 other plugins...I have to use it.

  18. #16
    ApostaGanha is offline Private Member

  19. #17
    ApostaGanha is offline Private Member

  20. #18
    Progger is offline Public Member

    Thanks aposta,

    I use some plugins already...compression is the next stage.
    Plugin or server-side...I need to check it.

  21. #19
    ApostaGanha is offline Private Member

  22. #20
    AussieDave is offline Public Member

    Originally posted by petimi:
        "Jetpack's Security module is also very powerful against bruteforce attacks (works together well with Wordfence too if you want to be super careful).
        Enable "Brute force attack protection" and you can also manage whitelisted IPs manually (whitelist yourself)."

    I don't wish to cut you down, but these WP "security" plugins are only good for actually keeping human (unlawful) access at bay. Fact is though, that's a very, very small % of 'attacks' a WP site is hit with on a daily basis. Instead, a site is hit with literally millions of BotNet IPs. So blocking these attempted "log ins" will only stop a single IP.

    So what happens is you get hit a million + times with one botnet, then others do the same. All this achieves is a HUGE database full of banned BotNet IPs, which doesn't stop the crap trying to log in to your site, or even spammers, who now use BotNets too.

    One simple process can achieve all this, and do away with extra plugins which do take up (sometimes) massive resources, which slow down your site. Granted though, you'd need to be php/.htaccess savvy. If you're not I suppose you've got limited options.
