I wrote last week about a new site of mine, that was under sever attack from bots. Basically they were trying to login as admin and to register on the site. I told you I used the plugin Stop Spammer Registrations Plugin and how it stopped a lot of IP’s that were listed on numerous forums as bad IP numbers. I wrote an article here, how to set it up. (Up to, today, it has blocked 29167 bots registering)
Well since that article there has being a few developments. Firstly, the attacks on my site were so intense that my CPU went very high that my hosting company suspended my hosting. Luckily I have a second hosting company that I transferred my site to.
Then it emerged that sites made with WordPress are under sever attack from bots. It looks like who ever is doing this has over 90,000 different IP numbers. So if, like me, your banning IP numbers from accesses your site, using your htaccess file, well it now seems pointless.
The best way to defend and secure your site from these bots gaining accesses is to do the following.
If the name you use to access your site is admin, change it. The easiest way to do this, is use the free plugin Admin username changer. Click here to get it. Install it, activate and go to the sidebar in the dashboard, you will see a tab for Admin. Click on it and change your admin name.
Make sure you have a very strong password.
Install and activate the plugin Stop Spammer Registrations Plugin
Install and activate the plugin Limit Login Attempts
Update all plugins and Themes
And just in case, backup your site.