Online Fraud, Safe Shopping, Internet Security, Identity Theft

  • My parents in NL got defrauded via a WhatsApp scam. Those are on the rise there.

    Luckily all the money was recovered!

    Those people pretend to be kids/family that need urgent help and they targeted them in Dutch, not sure if the UK has these going atm, but yet another sign everybody can fall for them.

  • How many login attempts to a WordPress website would be cause for concern?

    I usually get about 10-20 per day. I use Limit Login Attempts Reloaded plugin on the site in question.

    All attempts are usually in batches from a single IP which then gets blocked after x tries so I presume it's low effort automation rather than specifically being targeted. Anything I can do to ensure security? Password is pretty solid, though it's stored in Chrome. My Chrome password is also pretty solid as these things go and I keep an eye on where it's being accessed.

  • I'm guessing not but do you have anything like a WAF in front of the site that can limit access to only the IPs that need access to the login page?

    I don't know much about WP but I presume it has its own way of limiting access to certain IPs. Can you lock it down further?

    Another option is to move the login page to a different, non-standard URL (i.e. not wp-admin or wp-login or whatever it is). That should get rid of a lot of bots.

  • Thanks (nerd).

    The moving location is an obvious/free one I didn't think of so will look at that first before a firewall. Though yes, a plugin limiting to only my IP would be interesting too (presuming that for someone to either fake my IP or take over it I'll have bigger problems than who is accessing a WP site for a project I haven't shared yet).

  • I know some of the Linux control panels have built-in IP restriction but I don't know what you can do with WordPress (probs a plugin though). We generally don't have our admin login pages on things like /login.aspx or whatever just to stop bots finding obvious targets.

  • How many login attempts to a WordPress website would be cause for concern?

    Oooh... one of my favourite topics.

    Sign up to Cloudflare and use a Firewall Rule to protect /wp-admin if not from a certain IP (your home IP).

    Done.

    But otherwise WordPress sites normally see massive login attempts in two ways:

    1. Attempting to brute force the website
    2. Attempting to brute force any ssh access

    The first you can solve with a firewall rule.

    The second, install fail2ban and configure that... if more than a few SSH attempts fail to auth in quick succession the IP of the client can be banned automatically for some period of time.
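
Added example, not part of the thread: a sketch of the "too many failures in quick succession, then ban for a while" logic described above, applied to the wp-login.php question. It assumes a combined-format access log and that a failed WordPress login answers 200 while a successful one redirects with 302; `find_bans` and `SAMPLE_LOG` are hypothetical names, and the parameters are named after fail2ban's `maxretry`, `findtime` and `bantime` options.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines; the IPs come from documentation-only ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "bot"
203.0.113.7 - - [12/Mar/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "bot"
203.0.113.7 - - [12/Mar/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "bot"
203.0.113.7 - - [12/Mar/2024:10:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "bot"
198.51.100.20 - - [12/Mar/2024:10:05:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "Firefox"
198.51.100.20 - - [12/Mar/2024:10:05:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Firefox"
192.0.2.44 - - [12/Mar/2024:10:10:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "bot"
192.0.2.44 - - [12/Mar/2024:10:22:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "bot"
192.0.2.44 - - [12/Mar/2024:10:34:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "bot"
"""

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "POST /wp-login\.php[^"]*" (\d{3}) ')

def find_bans(log_text, maxretry=3, findtime=timedelta(minutes=10),
              bantime=timedelta(hours=1)):
    """Return (ip, time_of_ban, failures_in_window) for each ban triggered."""
    recent = defaultdict(deque)   # ip -> failure timestamps inside findtime
    banned_until = {}             # ip -> time the ban expires
    bans = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(3) != "200":   # assumption: 200 = failed login
            continue
        ip = m.group(1)
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        if ip in banned_until and ts < banned_until[ip]:
            continue              # still banned: a firewall would drop this
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > findtime:   # forget failures older than findtime
            window.popleft()
        if len(window) >= maxretry:
            banned_until[ip] = ts + bantime
            bans.append((ip, ts, len(window)))
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, when, count in find_bans(SAMPLE_LOG):
        print(f"ban {ip} at {when.isoformat()} after {count} failures")
```

With the defaults only the tight batch from one address is banned; the slow address spacing its attempts 12 minutes apart stays under the window, which is why per-IP limits alone miss slow or distributed guessing.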

  • That's what I said.

    :P

  • Savage way to find out he's blocked you.

  • Let's be honest, has anyone NOT blocked me? Even I'm tired of my posts. banned

  • What did hippy say?

  • He said: "I wonder how flammable this Middle Earth box is..."

  • Depends on the attack roll and maybe the Critical Strike roll.

  • I know enough about this stuff to chuckle at that. :)

Posted by ObiWomKenobi (@ObiWomKenobi)
