Hackers! Just hearing that word makes any WordPress website developer or site administrator cringe. If you’re wondering how to block hackers from your WordPress site with an effective method, you’ve come to the right place.
Lets face it. WordPress is a very popular website platform, and like anything that gains Internet-related notoriety, it ultimately becomes a target to hackers. I just don’t get why these individuals invest so much time trying to infiltrate and destroy other people’s property? I only know that I sleep better knowing that my website is protected from their antics!
Discovering WordPress Hackers
Before I get into the technique of blocking hackers, I thought I would briefly explain how I discovered that my website was under attack.
It all started when I saw a lot of traffic to my website. I logged in to my Google Analytics account and took a look at the source and frequency of visitor traffic to my website. Operating as a US based business, I have little need for visitors from anywhere but the United States. I had visitors from Brazil, Russia, United Kingdom, and China, just to name a few.
These foreign visitors were spending a great deal of time on my site and I wasn’t quite sure what they were up to. I needed to find out just what they were up to.
One Technique of Blocking WordPress Hackers
After experimenting with several security plugins and monitoring what visitors were up to, I realized that a large majority of traffic was going to the default WordPress login URL. Hmmm, trying to log in were they? By the way, good luck with that! I never use the default “admin” username, I changed the user “nicename” in phpMyAdmin, and the password is very, very strong! Anyhow, I fixed that potential issue by changing my login URL to a custom one. But that didn’t stop them from trying to hack the login or otherwise mess with my website.
Blocking Hackers by IP Address
What I was really after was a means to block the relentless hackers from other parts of the world from being able to visit my website altogether! After many trials and errors I finally settled for the “All-In-One Security” plugin, and began monitoring 404 Not Found errors. In relevant part the plugin shows me the source of the 404 error and the visitor’s IP address.
I take the IP address and run it through IP Geek to see where it is from. Once I determine that the visitor is NOT wanted, I simply use the plugin to “blacklist” the IP.
This should be enough of a deterrant to keep them away for a while – until they attain a new IP, that is.
I’ve blocked literally hundreds of IP’s from all over the globe.
Hey hackers! Get a clue – you’re not welcome here!!
Feel free to ask questions or details, or to give your two cents worth in the comments below