iThemes Security Plugin Under Attack

Home Forums WordPress iThemes Security Plugin Under Attack

Tagged: 

This topic contains 11 replies, has 1 voice, and was last updated by   Stella Reynolds .

  • Author
    Posts
  • #4135

    Anthony Andrews
    Member

    Question: I have the iThemes security plugin for one of my client sites and it’s under regular attack. I get email notifications multiple times a day telling me about hackers trying to get in with “admin” username, and also trying to access files that don’t exist. Is this normal? Should I be worried this particular site is being even more targeted than other sites?

    • This topic was modified 1 month ago by   Peter Wootton.
    • This topic was modified 1 month ago by   Peter Wootton.
  • #4136

    James Chalmers
    Member

    Same me. And I Changed Login URL

    • #4137

      James Chalmers
      Member

      Wow. Not good!

    • #4138

      James Chalmers
      Member

      iThemes > Settings > Advanced > Hide Backend

    • #4139

      Jenny Ting
      Member

      and iThemes > Settings > Local Bruce Force Protection > Automatically ban “admin” user

    • #4140

      Jenny Ting
      Member

      Yup, I did that already. I never use admin as my login username on websites. I just get the email notifications of people trying it… like 4 times a day or more

    • #4141

      Jenny Ting
      Member

      I may have to consider hiding the back-end… I’m in the website a lot though and so is my client

    • #4142

      Jenny Ting
      Member

      If the website uses the default login url, you will receive the above message repeatedly. Unless you turn off notifications in iThemes, or change your login url. I have managed nearly 50 websites, and received more than 100 emails per day ….

    • #4143

      Keith Millar
      Member

      You only have to worry about those which get through – and I have never had one get through with iThemes Security.

    • #4144

      Keith Millar
      Member

      and block 404 request

  • #4145

    Keith Millar
    Member

    Yes, turn on “ban admin” option. And reduce your notifications to a digest. This is basically iThemes Security doing its job.

  • #4146

    Stella Reynolds
    Member

    Yes, it’s normal. Also, suggest banning ‘admin’ and changing your login URL (like the others above). But those are bots, they just roam the internet trying to get into anything they find from wp-login.php. Bots are an unfortunate reality of life. Changing the login URL gets rid of a lot of the very basic bots.

You must be logged in to reply to this topic.