What a coincidence since I had someone from a similar IP from Ashburn US hit my website yesterday for hours. At one time there were 14 browsers open simultaneously searching different pages and product categories? I just blocked the entire IP range.
Thanks so much! Your speaking pace is great, clear, and explanations very helpful! Much appreciated (as I am old and hard to teach). -Author M. Lauryl Lewis
This video is great! It will be great if you could keep addressing in the same manner (in-depth and by example) several security vulnerabilities for Wordpress web sites. Thanks for the video! ;-)
Hi Danny, turns out I do have a bunch of other videos about difficult vulnerabilities. Here are a couple you can check out: 1. Social.png (CryptoPHP) Hack Explained- ua-cam.com/video/bXnDaXVtBKM/v-deo.html 2. SQL Injection Hack Explained- ua-cam.com/video/GEC4idKHd74/v-deo.html 3. Cross-site Scripting (XSS) Attacks Explained- ua-cam.com/video/Ci5bAT2Gp2s/v-deo.html 4. Brute Force Login Attacks Explained- ua-cam.com/video/BGz80GI5sEU/v-deo.html Let me know what you think and thanks for watching!
Great, thanks for your reply and for the interesting links! I believe that the Wordpress community really appreciate your effort since there are too many Wordpress tutorials out there but not many go in depth into the security aspects of Wordpress
Hi. Great video. Question for you. If my business is very local based. i.e. 50 kilometre radius to where I live, should i automatically block all page not found I P addresses given that i will never get business from america or china or russia for example
+vimal nathwani It could be something to consider, but what if a local customer is traveling and while they have some free time they want to look up your site so they can call you as soon as they get back? Then it would not be good to block them. That may be a rare, but it could happen. I personally would not block anyone outside of my business radius, but I don't know your business as well as you do. I hope that helps and thanks for watching!
+Tim Cantrell That is a fact Tim. I have 'making an updated tutorial for Wordfence' on my list. As well as updated tutorials for a lot of other plugins like W3C, SEO Yoast, etc.
Hello, just a quick question. In my wordpress --> tools section I can see live/security only traffic. One specific IP is bombarding me with hits (around 40 a minute) and trying to reach back end of my site /?wordfence_syncAttackData and so on. I have manually blocked the IP but in live traffic I can still see this IP attacking with requests. So my question is whether it is being blocked? And if yes, why it keeps on trying? Since blocking the IP, the volume of hits did not decrease. Thanks in advance!
Wow, this seems like it could be very time consuming to ensure you're constantly keeping up and having to research all this stuff. How often should someone do these routine blocks, etc?
Good question. Depends on how much security risk you want to have and how many attempts to hack your site you receive. As a rule of thumb, if your site get lots of traffic then you'll want to do this often. If your site get less traffic you can do it less often. You can also be more hands off by using the Cloudflare Firewall or the Sucuri Firewall where all of your traffic is first routed their servers. They filter out malicious and suspicious visits and then send the clean traffic to your site. The visitor can't tell their going through a firewall.
I recommend changing your name, making a password at least 12 characters long and use two factor authentication. For the most part that will stop brute Force attacks.
I am really new to this wordfence thing and I wish I knew about it before. What happens if you created a website without this plugin? Would you still be secured? I mean I see the people who were trying to hack your website are a lot and I'm afraid that's what happened before I installed this plugin..Any advices?
Hello, actually I have a serious problem with my wordfence plugin ; after upadate my wordfence with the last version, I can not access to wordfence options page , can't scan ect.... I think taht I must make someting with my manager files , something like this....please can you help me? thx a lot
Hey Bjorn, great video as always! Any chance man you have a more recent version with 2019 WordFence - I don't see these IP [block] easy click options in one of my main sites that keeps getting hit up from a Russian IP trying to login. I'd luv to have a go to easy block option but can't seem to find how to do via my Managed WordPress based sites. The newer WordFence very complex, easy to get lost in all the settings now days and just don't see IP blocker options. Big Thanks for any assist!
Today's hack tools include constantly changing IP addresses specifically to avoid blocking efforts. It seems reasonable to let WordFence and our other codes applied root handle hackers. I don't look anymore. There have been times I grew very anxious when someone continued brute force efforts for several weeks, 24/7. There was nothing I could do but review how well-covered I was. I tried new ways to hide things, etc., but I was exhausting myself. Oddly, a math captcha seemed to do more than anything else I tried, and my protective codes held. One IP would attack for a couple minutes, then another would pick right up, etc. My nerves can't take watching it happen. Oh. And I set my login to two chances. Hiding my login page did nothing to stop the bot from trying to log in.
on a shared hosting account I have no way to control the /cpanel and /webmail URLs extensions from being accessed through the browser. Is it a good idea to put these into Wordfence and block all IPs trying to reach them?
+Miguel Guizar Hi Miguel, your best bet will be to log into website via cPanel or FTP then go to wp-content/plugins, identify the Wordfence plugin's folder and change the name of the folder. That will deactivate the plugin so you can log in again. When the lockout time is over you can change the name of the folder back and reactivate the plugin.
I have wordfence, and I whitelisted my IP which is STATIC, I also whitelisted cloudfares 1million IP's and I get "your access to this site has been limited" error 5-20 times a day. I can't work. I don't know what to do and no one will give me a direct answer on anything even slightly relevant to my problem.
+Erik Bush Hi Erik, just to clarify my understanding. You get the error 5 to 20 times a day and sometimes it works fine? Or it never works as it should?
and the only solutions i've found are whitelisting your IP - which i've obviously tried already or just disabling wordfence advanced blocking.. but it seems slightly redundant to lose extra functionality just to gain standard usability/functionality back... lol
Hey again! I found the solution, i had to add ::1 to the trusted proxies! i have no clue how that works but my months of being blocked by wordfence are over We've tested it, we never get "access limited" but anyone outside of our home network DOES get blocked.
not smart.. say NO to programs you can not buy one price who want you to pay forever in MONTHLY FEES! no to wordfence when you can OWN other one time programs!
There are pro and cons to both business models. The biggest pro to software that requires a monthly payment is that developers have an incentive to keep improving it and making it better. Otherwise they're membership base will "jump ship". This is especially important in the online security space where things change rapidly. Also an FYI, all of the videos on this channel that feature Wordfence use only the FREE version of Wordfence.
and again. ALL programs usually do upgrading and things. Does not mean I will support those trying to get LIFETIME payment for one on everything I buy or order. Not changing diapers the rest of my life on my kids either. if a purchase use ONe TIME, i have interest. When monthly, i will not support such is all. I dont care if its microsoft! I realize they give a free small program, just saying their premium is MONTHLY FOREVER vs one time. hats all, so when i see companies doing that, i choose other things.
Website Security is Very Important and I am sure that no one can blink the eyes just for millisec while watching your video, Great Work.
Thanks Rajat! You're right, website security is very important. Good for you for getting a handle on it.
Thanks for watching!
What a coincidence since I had someone from a similar IP from Ashburn US hit my website yesterday for hours. At one time there were 14 browsers open simultaneously searching different pages and product categories? I just blocked the entire IP range.
Thanks so much! Your speaking pace is great, clear, and explanations very helpful! Much appreciated (as I am old and hard to teach). -Author M. Lauryl Lewis
+Marcy LEWIS I'm glad I could help! Thanks for watching and commenting!
This video is great! It will be great if you could keep addressing in the same manner (in-depth and by example) several security vulnerabilities for Wordpress web sites.
Thanks for the video! ;-)
Hi Danny, turns out I do have a bunch of other videos about difficult vulnerabilities. Here are a couple you can check out:
1. Social.png (CryptoPHP) Hack Explained- ua-cam.com/video/bXnDaXVtBKM/v-deo.html
2. SQL Injection Hack Explained- ua-cam.com/video/GEC4idKHd74/v-deo.html
3. Cross-site Scripting (XSS) Attacks Explained- ua-cam.com/video/Ci5bAT2Gp2s/v-deo.html
4. Brute Force Login Attacks Explained- ua-cam.com/video/BGz80GI5sEU/v-deo.html
Let me know what you think and thanks for watching!
Great, thanks for your reply and for the interesting links!
I believe that the Wordpress community really appreciate your effort since there are too many Wordpress tutorials out there but not many go in depth into the security aspects of Wordpress
Thanks for the encouragement Danny!
Really helpful!!! THANKS
Thank you very much! This really helped me al lot.
Great channel. Thanks for doing these.
+Mark Hallam You're welcome Mark. I'm glad I could help!
I think he works for wordpress and its his job?
great video.
Thanks
You're welcome. Thanks for commenting and I'm glad you liked it!
Thank's A++++
+C_IT Martin No problem. Thanks for watching!
I don't have WORDFENCE Mark, should I? My plan is the middle priced plan. Also do you have a tutorial on making a register pay to enter (wordpress)
Hi. Great video. Question for you. If my business is very local based. i.e. 50 kilometre radius to where I live, should i automatically block all page not found I P addresses given that i will never get business from america or china or russia for example
+vimal nathwani It could be something to consider, but what if a local customer is traveling and while they have some free time they want to look up your site so they can call you as soon as they get back?
Then it would not be good to block them. That may be a rare, but it could happen.
I personally would not block anyone outside of my business radius, but I don't know your business as well as you do.
I hope that helps and thanks for watching!
Hey Bjorn! There have been some major updates and improvements to Wordfence since you made this. How about an updated video?
+Tim Cantrell That is a fact Tim. I have 'making an updated tutorial for Wordfence' on my list. As well as updated tutorials for a lot of other plugins like W3C, SEO Yoast, etc.
Hello, just a quick question. In my wordpress --> tools section I can see live/security only traffic. One specific IP is bombarding me with hits (around 40 a minute) and trying to reach back end of my site /?wordfence_syncAttackData and so on. I have manually blocked the IP but in live traffic I can still see this IP attacking with requests. So my question is whether it is being blocked? And if yes, why it keeps on trying? Since blocking the IP, the volume of hits did not decrease. Thanks in advance!
Wow, this seems like it could be very time consuming to ensure you're constantly keeping up and having to research all this stuff. How often should someone do these routine blocks, etc?
Good question. Depends on how much security risk you want to have and how many attempts to hack your site you receive. As a rule of thumb, if your site get lots of traffic then you'll want to do this often. If your site get less traffic you can do it less often.
You can also be more hands off by using the Cloudflare Firewall or the Sucuri Firewall where all of your traffic is first routed their servers. They filter out malicious and suspicious visits and then send the clean traffic to your site. The visitor can't tell their going through a firewall.
I recommend changing your name, making a password at least 12 characters long and use two factor authentication. For the most part that will stop brute Force attacks.
I am really new to this wordfence thing and I wish I knew about it before. What happens if you created a website without this plugin? Would you still be secured? I mean I see the people who were trying to hack your website are a lot and I'm afraid that's what happened before I installed this plugin..Any advices?
Hello, actually I have a serious problem with my wordfence plugin ; after upadate my wordfence with the last version, I can not access to wordfence options page , can't scan ect.... I think taht I must make someting with my manager files , something like this....please can you help me? thx a lot
Hey Bjorn, great video as always! Any chance man you have a more recent version with 2019 WordFence - I don't see these IP [block] easy click options in one of my main sites that keeps getting hit up from a Russian IP trying to login. I'd luv to have a go to easy block option but can't seem to find how to do via my Managed WordPress based sites. The newer WordFence very complex, easy to get lost in all the settings now days and just don't see IP blocker options. Big Thanks for any assist!
Today's hack tools include constantly changing IP addresses specifically to avoid blocking efforts. It seems reasonable to let WordFence and our other codes applied root handle hackers. I don't look anymore. There have been times I grew very anxious when someone continued brute force efforts for several weeks, 24/7. There was nothing I could do but review how well-covered I was. I tried new ways to hide things, etc., but I was exhausting myself. Oddly, a math captcha seemed to do more than anything else I tried, and my protective codes held. One IP would attack for a couple minutes, then another would pick right up, etc. My nerves can't take watching it happen. Oh. And I set my login to two chances. Hiding my login page did nothing to stop the bot from trying to log in.
on a shared hosting account I have no way to control the /cpanel and /webmail URLs extensions from being accessed through the browser. Is it a good idea to put these into Wordfence and block all IPs trying to reach them?
Hi Diana,
That is a good idea. There is no reason anyone besides yourself should be trying to access those areas.
hi sir, Can have a tutorial video on talking about how to decide whether the IP is hacker? thanks!
I've added it to my list, thanks for the suggestion!
Hacker is doesn't attack wordpress, he attack to database
how to get into the website when wordfence locks you out?
+Miguel Guizar Hi Miguel, your best bet will be to log into website via cPanel or FTP then go to wp-content/plugins, identify the Wordfence plugin's folder and change the name of the folder. That will deactivate the plugin so you can log in again. When the lockout time is over you can change the name of the folder back and reactivate the plugin.
I have wordfence, and I whitelisted my IP which is STATIC,
I also whitelisted cloudfares 1million IP's and I get "your access to this site has been limited" error 5-20 times a day.
I can't work. I don't know what to do and no one will give me a direct answer on anything even slightly relevant to my problem.
+Erik Bush Hi Erik, just to clarify my understanding. You get the error 5 to 20 times a day and sometimes it works fine? Or it never works as it should?
It never works as it should. Never experienced this problem with any other website i've made
and the only solutions i've found are whitelisting your IP - which i've obviously tried already
or just disabling wordfence advanced blocking..
but it seems slightly redundant to lose extra functionality just to gain standard usability/functionality back... lol
Hey again! I found the solution, i had to add ::1 to the trusted proxies! i have no clue how that works but my months of being blocked by wordfence are over
We've tested it, we never get "access limited" but anyone outside of our home network DOES get blocked.
spicesofyourlives.com Great video I'm curious can you use word fence as your main security plugin for WP.
not smart.. say NO to programs you can not buy one price who want you to pay forever in MONTHLY FEES! no to wordfence when you can OWN other one time programs!
There are pro and cons to both business models. The biggest pro to software that requires a monthly payment is that developers have an incentive to keep improving it and making it better. Otherwise they're membership base will "jump ship". This is especially important in the online security space where things change rapidly.
Also an FYI, all of the videos on this channel that feature Wordfence use only the FREE version of Wordfence.
well, thats always been a situation. its called upgrades. and they come automatically with most programs
and again. ALL programs usually do upgrading and things. Does not mean I will support those trying to get LIFETIME payment for one on everything I buy or order. Not changing diapers the rest of my life on my kids either. if a purchase use ONe TIME, i have interest. When monthly, i will not support such is all. I dont care if its microsoft! I realize they give a free small program, just saying their premium is MONTHLY FOREVER vs one time. hats all, so when i see companies doing that, i choose other things.