How can I protect my WordPress Site from bad people?

Support and Discussion General Discussion
,
1

someone trying to login into my WordPress admin…

36 wrong password login attamp today from those 4 ip [154.6.18.22] [159.223.50.155] [51.104.54.139] [20.226.0.134]

400 spammy Accounts registered on my site in 2 months

My site is Very small, What do they want from me or my site! I not understand why they are trying to login into wp-admin, what are their benefits!

I need WordPress security suggestions to get rid of Spam User Registration and Bad login attacks.

Screenshot 2022-04-12 203059
Screenshot 2022-04-12 2030591105×390 78 KB

1 Like
2

Hello,
You can use WPS hide login plugin to hide the admin panel path. I recommend adding a recaptcha to the login and registration form. Also connect your site to cloudflare and use the firewall.

1 Like
3

simple way:
use loginizer
block 2 times attempt
with 99999999999999999999999999999999999999 hours
and permanent block :slight_smile: lol

hard way
change the /wp-admin to another name with

then… use random post redirect
redirect 301 wp login and wp admin to random post
violaaaa you got free traffic but carefull for bouncerate

2 Likes
4

Don’t forget to secure SSH via Cyber panel dashboard: create another user with Sudo privileges and lock root. In this case, everyone trying to access your server via SSH as root will “hit the wall”, while you will be able to log in with a newly created user as an administrator.

1 Like
5

@peakminute Could you please explain a bit more how to do this? I currently login to cyberpanel with the default admin user and ssh with root user. I’d like to close those off and use a custom user for each, as you’ve suggested.

6

Whoever uses Linux knows Root is a superuser, which got the highest privileges. :muscle:
Does not matter if you will protect your WordPress or Cyber Panel dashboard login. If you’ve got access from the server side you will be able to do whatever you want.
Guess what: all those bad people (hackers) know that as well… By figuring out the correct username it is halfway job done for exploiting your server.

That being said go to the terminal and create another user, and assign sudo privileges for that user.

  1. Login to the server via terminal
    ssh root@server-IP-address
  2. Create new user (you will be prompted to create a new password)
    adduser username
  3. Add user to “sudo” group
    usermod -aG sudo username
  4. Test sudo access by connecting to the server using new credentials and running the command
    sudo whoami
    The output shoud be “root”

When everything is done login to the Cyber panel dashboard/security tab / secure SSH and there is a slider to turn off the root user.

secure ssh
secure ssh1454×526 62.5 KB

1 Like
8

Thanks very much. What do you think of turning off root password access and just using an ssh key with root user?

1 Like