Angela McCall

  • Blog
  • About
  • Portfolio
  • Services
    • Development
    • Responsive Design
    • Website Management
  • Store
  • Contact

How to Stop Brute Force Attacks (Part 1)

August 27, 2014 by Angela McCall 60 Comments

How to Stop Brute Force Attacks

I’ve never thought I would have to deal with Brute Force Attacks until now. This is my first time I have ever been attack. Hundreds of them a day. They started it since August 21, 2014.

I told Carol Amato about this and said, “Ever since I change the setting on CommentLuv, there are bizillion intruders tries to get in my domain. Hundreds a day! 🙁 I changed the setting back where it used to be but the people still trying to INTRUDE my domain are still coming like CRAZY. Dunno what to do now.”

Carol said, “That doesn’t sounds like a plugin malfunction, that sounds like a brute force attack – call your hosting company and see if there is anything fishy going on.”

I emailed Geoff (my hosting service) and asked for his help and he said that his wife, Susan, used Limit Login Attempts. And they’ve been attacked frequently and now it’s my turn. Wow. I never thought I would experience anything like this. But there is always first time for everything, isn’t it?

You can see the screenshot of the Brute Force Attacks here.

I first heard Wordfence from Tim Bonner. I had Limit Login Attempts installed then but I switched to Wordfence when I heard that this can do more advance blocking.

It has the same feature as Limit Login Attempts but it can do more.

For instance, it warns me for malwares when I click on that link from CommentLuv that others left me to read on their blog. It warns me if there are viruses on the site I visits. It also alerts me when I need to update other plugins in my blog.

It alerts me right away all the intruders who tries to get in my site. It tells me their IP address and what Username they were using to try to get in my blog.

Related Post: Wordfence to the Rescue

What is Brute Force Attacks?

Unlike hacks that focus on vulnerabilities in software, a Brute Force Attack aims at being the simplest kind of method to gain access to a site: it tries usernames and passwords, over and over again, until it gets in. ~Codex

These morons enters all kinds of Usernames and Passwords in your blog over and over and over again. If you use “admin” username you are more likely to get hacked. Some are too lazy to create strong password and just use “123456” on their site. Now c’mon you can do better than that.

Don’t use “test” for a username either. Most of all never use “admin” for a username. Make your password 20-characters long. Make sure you use the upper case, lower case, numbers, alphabets, and mix it with characters like @%#$^&*. And change your password quite often.

Never ever use the same password for all of your social media and/or blog. I used LastPass to remember all of my passwords on computer, tablet, and iPhone. It’s free and every blogger should have it. Use the LastPass password generator to create new password for your site or social media.

Check out the Wordfence Security

As you can see Wordfence has a lot to offer when it comes to either free or paid option. I will not repeat what Tim Bonner mentioned on his blog but I thought a picture is worth a thousand words. So take this image and check it yourself. They have a lot of good stuff to secure your blog.

Wordfence Security - Free and Paid

The free option was great. I get alerts on intruders every day. But I was so nervous last Saturday, I couldn’t sleep. I had to do something to stop these Brute Force Attacks. And so I decided to get the premium one.

On this one it allows me to block the whole country (i.e. China). Btw, I am so disgusted by this country, I have actually blocked the whole country. Perhaps they are good for creating our goods here in America. BUT…

Enough is enough when it comes to trying to invade my home. Last time they hacked my Twitter. I was just a new blogger online and only have 500 followers on Twitter, that’s not very much. I thought who would hack the little ol’ me? Lo and behold these people don’t choose whether you are small or big.

They just do not like bloggers! Specially new bloggers!

12 Greatest Plugins to Secure Your Blog

  • Limit Login Attempts
  • Block brute-force attacks
  • BruteProtect
  • Lockdown WP Admin
  • WP Fail2Ban
  • Admin Renamed Extended
  • Enforce Strong Password
  • Wordfence Security
  • 3WP Activity Monitor
  • All in one WP Security
  • Rename wp-login.php
  • Brute Force Login Protection

All of the above are suggested by WordPress.org. If you prefer not to use Wordfence, feel free to use these ones. Limit Login Attempts does a good job also. But I prefer Wordfence, just my opinion.

Cellphone Sign-in through Wordfence

Cellphone Sign In - only for Worfence Security Premium users

This is great. I just tested it. Entered my Username and Password and it gave me a message like “sign in again and add a space and the code to the end of your password”. This is pretty cool.

Ever since I entered the CODE from my cellphone, the Brute Force Attacks stopped. I’m not sure I want to wait for these attacks to stop on that FREE Wordfence plugin.

This time they cannot get in my blog unless they have that code. I know there are probably other security that could provide me the same thing but I’d rather pay the “premium” because I know for sure that the plugin is getting updated everytime. I know that not everyone likes signing with the code through their iPhone.

But to me, it is a LOT safer. Who said that these intruders won’t be back? Since my computer remembers my passwords anyway and I only have to sign-in once in a while, I think it is worth it.

Some of the Strong Password Generators

Passwords iPhone

  • LastPass — can remember all passwords
  • Passwords – (this is the one I used on my iPhone)
  • cPanel – even your hosting service have its own password generator
  • iPhone Password Tools – never tried this one but looks good
  • Keeper Password Manager – for Android user

These are only a few I mentioned. I’m sure you can google these Password application both for your iPhone, Smartphone, or Android. But so far these are the top ones I like to use. Rated: 4.4 to 5 stars.

You can change your WordPress username. Instead of using “admin” you can create a much harder username to guess. Please go to Adrienne’s post here: How to Change Your WordPress Username

Make Your Password Super Hard

Never ever use a password that you can find in the dictionary. Never use your name, last name, year you were born, birthday, social security number, or your home address.

Make your password super hard. Something that doesn’t make any sense. That even you can’t remember it. Remember, you can use LastPass to remember all your passwords.

What is Your Method of Securing Your Blog?

I am willing to hear your experience. Please share with me what you did during the Brute Force Attacks. What did you do? Please leave your comment below and share with me and my readers. Thank you.

NOTE: Make sure you read Part 2 here.

Related Posts

  • How to Blacklist Spammers & IntrudersHow to Blacklist Spammers & Intruders
  • How to Stop Brute Force Attacks (Part 2)How to Stop Brute Force Attacks (Part 2)
  • How to Create an Animoto VideoHow to Create an Animoto Video
  • The Orbs in My PhotographsThe Orbs in My Photographs

Filed Under: blogging, security, video blogging, videos Tagged With: 12 greatest security plugins, brute force attacks, hackers, intruders, security, video blogging challenge, wordfence

Comments

  1. Harleena Singh says

    August 28, 2014 at 5:05 am

    Hi Angela,

    My goodness! You surely went through a great deal!

    One can never imagine to the extent hackers can go to and what all they can do to our blog, even when we take the utmost care and use all the security measures. Yes, I had read that one of Tim’s long back and a few others too and presently use WordFence and Akismet and the combination seems to be working well.

    However, I read in the newspaper today that China had attached the US net directly, and this was just 1-2 days back, getting into some ward patients details and they had hackers who were crossing all limits, so might just be those fellows for all you know.

    Speaking of myself, and perhaps it’s not related to this, but spam has become nearly zero once I removed the links of CommentLuv, nor are there any broken links. But yes, a proper brute force attack is different, just as you mentioned – and I saw the image too!! You need to be so sure about your password and keep changing them and use a mixture of alphabets, numbers, and everything else. I usually save them up in a notepad, haven’t tried anything else so far, even though I’ve heard of LassPass being good, I haven’t yet gone ahead and tried it.

    Gosh! What a nightmare it must have been for you, though as they say there is always something positive, so I am glad that you learnt so much after this little episode and are so more knowledgeable and aware now.

    Thanks for sharing this with us and warning us to be aware too. Have a nice and safe, rest of the week 🙂
    Harleena Singh recently posted…How Many Hours Should You Work Per WeekMy Profile
    Twitter: harleenas

    Reply
    • Angela McCall says

      August 28, 2014 at 10:47 am

      Hi Harleena,

      I tell ya these hackers are something else! 🙁

      The measures they take are unbelievably CRAZY!!! Someone has too much time in their hands. I actually emailed Tim Bonner about this but got the wrong address so it came back to me. At the moment, I had no choice but to get the premium Wordfence, and it did not stop until I activated the “Cellphone Sign-in thru Wordfence”. Tim said, “What I did when the brute force attacks came in was to change the WordFence settings to throttle traffic and set Cloudflare to I’m under attack!” See I didn’t know that. I couldn’t get a hold of Tim. Neither Wordfence support or what. Geoff (my hosting service) suggested I should get the premium, cellphone sign-in, they used Limit Login Attempts. So I was panicking on weekends!

      Really? You read that on the newspaper about China? WOW…so I must be one of these people they attack in the U.S. right? I tell ya when they hacked my Twitter, there were thousands that got affected and I was the lucky one of them! *OH JOY* anyway, now they are doing it again. They are just unbelievably crazy!!!

      Yes. Have a very complicated password and change it often. You know these morons didn’t even enter usernames. They were just guessing the password right and left. I read somewhere that hackers do this to flood your server with lots of logins until your server dies. What are they trying to do? Kill the server. Yes that is! Geoff said that they are always under attack by these intruders. Thank God that he is under control in all of this. So this is the time when I do love a hosting service that real savvy about SECURITY and protecting his clients. I can go to sleep at night and not worry at all. But that weekend, I couldn’t sleep. I was up in the middle of the night trying to figure out how to stop these morons on accessing my server!

      Yes, it was an absolute NIGHTMARE for me. *UGH*

      Thank you so much for adding value to my most. And most of all for telling me THAT news about China! WOW…I am still flabbergasted at these people. *shakes head* You too hon, have a safe weekend.

      God bless,
      Angela

      Reply
  2. Bren Lee says

    August 28, 2014 at 5:18 am

    Geeze Angela, you really did get slammed by those nasty spammers! It’s a shame that you had to block the entire Country but I can understand it. Most of my login attempts are coming from there too. It’s beyond me how people feel the need to be this malicious! I’m glad you were able to ward off any more attacks and they didn’t get into your site.

    This is a great post with some awesome tips. Gladly passing it along for ya!

    B

    Reply
    • Angela McCall says

      August 28, 2014 at 10:31 am

      Hi Bren,

      Welcome to my blog! 🙂

      Yeah. They did it to me for 3-days! I figure this wasn’t gonna stop unless I do something. I know Tim Bonner did something to stop this using that “free” WordPress, but I don’t know how he did it. He should come over here later and *share* that knowledge with us. Coz I would like to know how he did it. I tried to contact him during this Brute Force Attacks but got the wrong email addy and so it came back to me. By the time I got the right address, the attack stopped.

      …and all it’s because of that “Cellphone Sign-in through Wordfence”. That’s the only way I stopped this brutal attacks. I know some people didn’t have to spend the money but I feel much safer if I have to pay the premium coz I know they will upgrade this! Thank you for visiting and commenting on my blog. I really appreciate this. Have a nice weekend and I’ll catch you later…

      Angela

      Reply
  3. Adrienne says

    August 28, 2014 at 3:15 pm

    Hey Angela,

    Welcome to blogging right!

    Do you remember several weeks ago when I was getting hit by bots? They were coming from Ukraine and they were wreaking havoc on my site so I had that country blocked as well.

    Hackers, spammers and impostors are the lowest of the low to me. Their only goal is to hurt others and they don’t care how they have to go about it. I think I’ve shared with you in the past that several years ago I was on a webinar with a guy that use to be a hacker. That is until the FBI showed up on his door. He was just a kid but he found it fascinating and challenging so that’s why he did it. He was about 16 years old at that time and super smart and he did it because he could.

    I’ve heard these hackers do it to hijack your blog and some want to be paid if you want to get it back. Others do it to impersonate you and direct all your traffic to their sites, there are just dozens of reasons why they do what they do. None of it in the name of good of course but think how successful they would be if they put their talents toward good instead of the other way around.

    Either way, we have to continue to protect ourselves in the areas you mentioned above and just make it super hard on them getting in any old way. We just have to keep on top of things.

    Glad you got that stopped and let’s hope you don’t have any more issues.

    ~Adrienne
    Adrienne recently posted…Thankful Thursday: Evergreen, Facebook, Commenting, MarketingMy Profile
    Twitter: AdrienneSmith40

    Reply
    • Angela McCall says

      August 28, 2014 at 7:00 pm

      Hey Adrienne,

      Yeah. Right. The *JOY* of blogging alright.

      Thank you for telling me that. Yes, Ukraine too! They always attacked me and so just now after reading your comment I have just blocked Ukraine. Isn’t Ukraine from Russia?

      I couldn’t agree more with you. Hackers, impostors, and spammers are the lowest of all the lowest mankind. I don’t even think they are humans! I know that some of these people hack just for the heck of hacking a site, so they can say, “See? I can do this!” Stupid people. So the FBI showed at his door? Wow…Sometimes kids are amoung the smartest. I’ve read somewhere before, this 14-year old kid was inventing all kinds of Interactive games and he’s only 14. So yeah, they can be real smart.

      I wouldn’t be surprise if I get impersonated someday. If it happens to you, it can happen to me! During the first time of my blogging here, there was someone who signed here as “Adrienne Smith” but with a different email address. Is this you here — angelamccall.com/skype-2? it’s got that email address of: AdrienneSmith40 @ twitter.example.com and so I thought you use that one too. I’m not really sure if that was you coz there is no gravatar. If that was you, I’ll keep it. If not I will delete it.

      Absolutely! We must all gather together, all of us bloggers, and FIGHT BACK against these hackers, intruders, spammers, and impostors! We should all send them all to HELL.

      Yes. I’m glad too that this issue stopped. But at the time this was happening I was yelling HELP to everyone. I emailed Geoff, Tim Bonner, and Carol Amato. Tim should know how to handle this via Wordfence, right? But I got the wrong email address of Tim and it keeps coming back to me. And so out of desperation, I bought the “premium” Wordfence. By the time I got the RIGHT email address of Tim, it was over. But Tim said, “What I did when the brute force attacks came in was to change the WordFence settings to throttle traffic and set Cloudflare to I’m under attack!” See have I known that…I wouldn’t get the paid premium. But in a way, I am glad that I got the premium. Coz now they would need a CODE from my cellphone in order to get in.

      Anyhoo…what a loooooooong story, right? Thank you for a very valuable comment. I’m coming to your blog as soon as get back from Petsmart. I will see you at your blog shortly…

      Angela

      Reply
      • Adrienne says

        August 29, 2014 at 7:29 am

        Hey Angela,

        Yeah, these kids are smart and they’re doing some really awesome stuff. Some aren’t though as the example of the one where the FBI showed up on his door. He didn’t realize the kind of trouble he could get into and that stopped his hacking days which is why he did the webinar. To share with us why some people do that and how to kind of set things up to protect ourselves. That was years ago though and it’s much more sophisticated now.

        No, that’s not me. When I comment I will ALWAYS use the same email address and it will be my business address. Who has an email address through Twitter? PLUS, whenever I connect with someone I let you know and I say something additional as well.

        I’m sure you’ll be fine with the premium version and I know how it is to be in panic mode when something like that is happening. It’s not fun, it’s scary and we don’t know what to do about it Angela. That’s where our friends we’ve made come in handy. 😉

        I’m getting a slow start this morning so you have a good day okay! See you around and enjoy your weekend.

        ~Adrienne
        Adrienne recently posted…Thankful Thursday: Evergreen, Facebook, Commenting, MarketingMy Profile
        Twitter: AdrienneSmith40

        Reply
        • Angela McCall says

          August 29, 2014 at 9:44 am

          Hi Adrienne,

          In a way it’s good that the FBI showed up coz he sure learned his lessons well. And now he’s giving webinar to everyone how to protect themselves. He turned bad to good.

          WOW. You see I had no idea about impostors til now. That comment have been awhile then and I had no idea that was an IMPOSTOR. I am definitely deleting that crazy psycho. Or should I report it? A Twitter address is not even a valid address. I mean who would use that? Only stupid people would use Twitter as their email address. Now that I thought about this. But those were my EARLY days of blogging. Notice she commented on one of my very first posts back then. I had no idea. But she will be a GONER!!!

          Yeah. Definitely in PANIC mode. Specially when Tim Bonner didn’t come to the rescue coz he’s the only one I knew that experience “Brute Force Attacks” via Wordfence and so I thought he could help me. But Nah. So now I much more CAUTIOUS with these attackers. I’m glad I got the PREMIUM.

          Me too. I am kinda slow this week as far as reading blogs. I still need to come to yours. I find very interesting articles from those 5 bloggers you posted. Then go to other blogger friends. But I will get it done today!

          See you later,
          Angela

          Reply
  4. sherman smith says

    August 28, 2014 at 4:41 pm

    Hey Angela,

    You know what? I started to get the same exact thing on my blog. I have a super hard password so it will definitely be harder for the hackers to get in. But what I’m going to do is call my host company. If they can’t help, I’m using a software called Sucuri which is similar to wordfence and see what they can do to stop this action. i’m glad i’m not the only one getting these attacts!

    Thanks for sharing!
    sherman smith recently posted…How To Rebuild Traffic After Taking A BreakMy Profile
    Twitter: shermanksmith75

    Reply
    • Angela McCall says

      August 28, 2014 at 6:33 pm

      Hey Sherman,

      Really? Wow!!! Did you read Harleena’s comment just now? At the same time I was being attacked it started around August 21st. I think I had some Brute Force Attacks even before that date and I ignored it…hoping it will stop. She said she read in the newspaper 1-2 days back that China was attacking the U.S. and that was the SAME time all these things were happening!

      Yes. Call your hosting service company. They should be able to protect you. Anyway, thanks for sharing this. Now I understand this more fully. This is really crazy!!!!

      I’ll see you around…

      Angela

      Reply
  5. Kumar Gauraw says

    August 28, 2014 at 8:25 pm

    Hi Angela,

    I have been through brute force attacks more than once and that is why I can completely understand what you might have gone through after seeing those annoying emails in your mailbox.

    Wordfence is a terrific plugin and I highly recommend it for people who want one-stop solution for most of the security challenges of WordPress. I have used it, I loved it and I highly recommend.

    However, as a founder of my premium managed WordPress hosting company, I have Sucuri scanning all my servers and all my websites for malware attacks/injections regularly. If anything gets affected ever, not only they watch and nofify, they clean all sites hosted on my servers almost instantly.

    In addition, I have hidden my WordPress login screen and disabled XML-RPC on my WordPress installations and since then, I never had any attack whatsoever.

    Some people complained about CommentLuv link being the reason for spam. But, from my experience that is not true. I have comment love enabled for such a long time. Adrienne has got comment love and she actively promotes it. I do not see her struggling with comment spam anymore and I do not experience any comment spam on my sites either. All I have is CommentLuv premium and Akismet combination installed and that has given me the peace of mind (so far).

    Thank you for sharing your experience and sharing about some of the best plugins that can help anybody fight brute force attackers.

    Regards,
    Kumar

    Reply
    • Angela McCall says

      August 29, 2014 at 9:30 am

      Hi Kumar,

      Yes, it was very stressful. I couldn’t sleep that night. I thought I waited a day or two to make them go away? And maybe they would stop trying? NO. They kept on going and going. I just read thru WordPress.org that hackers keeps on trying to brute force attack your site until the server die. I didn’t think it would be this serious.

      Thank goodness for Wordfence. I *love* Wordfence. But then…I was actually panicking coz couldn’t get a hold of anybody to help me. So I was compelled to buy the premium even if I didn’t want to. Later after this happened, Tim Bonner said to me that he had to change the settings to “throttle” traffic and set to Cloudfare. First off, what is a throttle? and what the heck is Cloudflare? My Wordfence is on throttle traffic already. For someone who is not techy, the word “throttle” and Cloudflare are just like me trying to speak German. I don’t understand it.

      Sherman Smith said just now that is what he is using — Sucuri. Sounds like a winner plugin to me, just like Wordfence. Do you they have that “Cellphone Sign-in” also like Wordfence? This cellphone sign-in and blocking countries is available only thru “premium” Wordfence. So far, I blocked China & Ukraine. Two of the most malicious county that hates American bloggers. Gosh, I despise them!

      So far I am using the “Rename wp-login.php” plugin to hide my admin. But then it gives me this message when this plugin is activated: “WP Super Cache is enabled on your website. To make sure Rename wp-login.php works correctly, you should add {deleted} to Rejected URIs. This notice will disappear once you’ve done that correctly.” So I dunno what this means, the “Rename wp-login.php” seems to work so far despite of that message.

      I used to have Akismet. Before Anti-Banklinker, I was having so much problem with spam. But after Andy released the Anti-Banklinker — this and GASP together works amazing. Since Andy instructed me how to control my settings I get ZERO SPAM. And so I love CommentLuv Premium. I don’t know why others are still receiving spam. Like Adrienne said, they are probably not setting their CommentLuv the right way. Because I am not complaining. I get ZERO SPAM and pretty happy!

      Thank you so much for sharing me your experience and valuable comment. I appreciate this a lot. Have a wonderful weekend.

      Cheers,
      Angela

      Reply
  6. Lisa says

    August 29, 2014 at 2:49 am

    Hi Angela, wow, that is amazing that all from one country. I have both WordFence and LastPass. I can see why we may want to get the paid version of WordFence now. That gives me something to think about.

    I think if we also change our passwords more often tht would help too against stuff like this. Another thing I am thinking of doing and setting up a calender to do so.

    Thanks for the info on this Angela and sharing your experience with this so we can learn and hopefully avoid it in the future. I’m still trying to figure out who pretended to be me and make comments with spammy links – and why would they do such a thing too?

    Have a great weekend Angela!
    Lisa recently posted…Why 11 Commenters Really Rocked it in AugustMy Profile
    Twitter: Lisapatb

    Reply
    • Angela McCall says

      August 29, 2014 at 10:24 am

      Hi Lisa,

      I love your new gravatar. The real picture of you. This is a lot better. 🙂

      Yes, you can never go wrong on the PAID version of Wordfence. I love the idea of blocking the whole country like China and Ukraine. These countries are very malicious and always cause TROUBLE on my blog. So they are GONERS!!!!

      The password alone on my WordPress doesn’t work unless I have that CODE from my cellphone that they sent me. So it’s like I’m signing on different passwords everytime. Say, IF I cleared my “cache” on my Chrome browser, I will have to login again. But as long as I don’t clear the cache on my browser, that password stays. LastPass always remember the latest password, so I’m okay.

      I’m still curious about that too, who in the world impersonated you. Real loser! Next time that happens, get their IP address and report them to the Internet Police. Keep abreast with me with these “impostors” this is something new on the Internet. Sheesh! Problems on the Internet just never ends!

      You too dear friend, have a great weekend.

      Angela

      Reply
  7. Carol Amato says

    August 29, 2014 at 7:07 pm

    Hi Angela,

    Bless your heart – you’ve been through the wringer!

    I’m so glad my comment spurred you on to check exactly what the problem was…

    I used to use Wordfence Security plugin but I got rid of it, and now just watch my server load to see if there are any unusual spikes.

    You’re spot on – I couldn’t agree more! 🙂 Strong passwords are essential to security, and leaving the user name to Admin is a common mistake. That only leaves one thing to figure out, the password.

    That’s an awesome way to protect your blog, Angela, and you’re right, the intruders may very well come back. But they will get a big surprise this time, because Angela has secured her site thoroughly now. Way to go!

    Yeah, I keep a close eye on my server to see if there are any unusual spikes, but I have a hosting service, so it’s probably easier for me to understand.

    It amazes me that some people have nothing better to do than to cause trouble for other people. Horrible, and it’s getting worse!

    This is an awesome post, Angela, and I’m sharing with my friends right now. Thank you so much for putting this together.

    Hope your weekend is relaxing!
    – Carol
    Carol Amato recently posted…Do You Keep A Back Scratcher In Your Pencil Holder?My Profile

    Reply
    • Angela McCall says

      August 29, 2014 at 8:40 pm

      Hi Carol,

      I guess I’ve gone thru the gates of hell.

      Yes, thank you for that comment. Have you not said anything I wouldn’t even think it was a “Brute Force Attacks”. Dang. What was I thinking? I’m so used to people trying to invade my home, perhaps 1-2x a week. But this time they were coming in very rapidly. I thought I left a gateway for spammers/intruders via CommentLuv. But you’re so right, it wasn’t a plugin malfunction.

      You used to use Wordfence? So now what do you use to secure your server? *curious*

      The funny thing about this attacker is…he didn’t even use any username, he just kept on firing password after password. When I read on WordPress.org that hackers do this to fill up the “memory” of your server and then eventually the server would die, I thought I had to do something quick.

      Yup. Next time they come back, I’ve got my shotgun ready!

      See, you’re the techy one when it comes to servers coz you have your *own* hosting service. You’re fortunate!

      I think to some people this is some sort of a challenge. If they are not after for the money, which most of them do it for that cause, then some are just having a good time hacking people’s server. What a bunch of morons!

      Thank you for visiting me. I will see you back in your blog shortly. I’m slow this week commenting on my friends. Anyway, have a nice Labor Day weekend.

      Angela

      Reply
  8. Ravi Chahar says

    August 30, 2014 at 10:48 am

    Hi Angela,

    Sorry to hear about the attack.

    Whenever I hear about these kind of attacks I feel like why people do these kind of anti-social stuff. ow can anyone feel happy to destroy others hard work?

    When I heard about attack at Adrienne’s blog I was so amazed that how would that happen? And now it’s your blog.

    The plugins you have mentioned may help many bloggers because many bloggers don’t know more about WordPress and security plugins.
    I will surely try Wordfence to increase some security level.

    Thanks for making me aware about this.
    Hope you are doing fine with your blog now.

    ~Ravi
    Ravi Chahar recently posted…Some Deadly Mistakes of Entrepreneurs Which Can Ruin Their Online BusinessMy Profile
    Twitter: ravichahar27

    Reply
    • Angela McCall says

      August 30, 2014 at 3:53 pm

      Hi Ravi,

      Me too. It was unexpected. Guess it always happen when you expect it the least. So it’s always good to always *Be Ready* for the attack any minute and make sure you have SECURITY. Take advantage some of the FREE security plugins here.

      I think these type of people are happy when they see others suffer. They must have a very sad life that they are able to make someone miserable. Coz “Happy People” *DO NOT* do this kind of things. Misery loves company!

      Yeah. What happened to Adrienne is despicable. They had the nerve. *Ugh*

      The FREE Wordfence is pretty good also. You don’t have to get the premium. If you are under attack and you have that Wordfence (free) plugin, according to Tim Bonner he said, “What I did when the brute force attacks came in was to change the WordFence settings to throttle traffic and set Cloudflare to I’m under attack!”

      Now as far as *HOW* to do that on your free Wordfence, I don’t know what to tell you. Tim Bonner suppose to come here to comment and show me that so my readers will know what to do just in case they are one day under the attack, but he never showed up. And so I’m not waiting for him to show up. Just remember those *hints* above. I have no idea what a “throttle” mean neither do I know what a Cloudflare is all about. All I know is to STOP these hackers via “Cellphone Sign-in thru Wordfence Premium”.

      Anyway, thanks for contributing your wonderful comment. I hope you have a blessed weekend.

      See you around,
      Angela

      Reply
  9. Harshajyoti Das says

    August 30, 2014 at 4:34 pm

    I have been in your situation Angela. Back in 2012, I was running a blog network with over 50 websites. I made the worst mistake of using the same username and password across all my sites. I was also stupid to use a predictable password, ‘abc123’.

    Ultimately, after loosing around $10k in business, I hired an ethical hacker to fix my block holes. It was a painful lesson.

    Now, I use 2 wordpress plugins that has helped me eliminate spam and ‘brute force attacks’ completely. Both of them are available for free.

    1. No Bot Question
    2. Login Lockdown

    Until next time,

    Harsh, Author @ harsh.im

    Reply
    • Angela McCall says

      August 30, 2014 at 5:35 pm

      Hi Harshajyoti,

      Welcome to my blog! 🙂 I’m so happy to see you! <3

      OMG...I have done the same thing before. Use the same password in all of my social media, including my blog. And so since I heard that wasn't a good thing, I have changed it right away. And now I am using the "password generators" to generate my password into a STRONG one. Even me can't remember it. I have LastPass to remember it for me. Or the Passwords (application) on my iPhone to remember all my passwords. I've got hundreds of them. So it's impossible to remember them all.

      WOW…you lost $10K for this. Ouch! So sorry to hear this. But thank you for sharing me your experience. We all can learn from your experience. Do you mind sharing me what 2 of the WordPress plugins you are using and they are FREE. This is awesome. Some of my readers cannot afford “premium” and so perhaps your experience can help some of my friends, readers, and followers.

      Thank you for taking the time to stop by. As far as engagement is concerned, I am pretty impress by you. You are a wonderful person. Thank you so much for adding value into my post. Have a blessed weekend.

      Angela

      Reply
  10. Harshajyoti Das says

    August 30, 2014 at 11:41 pm

    You have a wonderful blog. I rare to find a blog with a personal touch. I am tired of seeing people posting articles like “10 tips to……..”. You have an amazing video blogging challenge going on.

    I didn’t know about ‘MyCommentAuthors WP Plugin’. It’s a nice little plugin to build relations with your audience. I will download it now.

    The two plugins I am using are:

    1. No Bot Question: wordpress.org/plugins/wp-no-bot-question
    2. Login Lockdown: wordpress.org/plugins/login-lockdown

    Both of them are free. I would like to take the opportunity to invite you to write a guest post on FireYourMentor.com whenever you get time. Any article related to writing and self-publishing are most welcomed.

    Reply
    • Angela McCall says

      August 31, 2014 at 12:42 am

      Hi Harshajyoti,

      Thank you very much for a very wonderful compliment. You have made my night! 🙂 Recently, I have joined the 30-days Video Blogging Challenge. We’re not quite done just yet. I stopped at the video #19 so far. I have 11 more videos to go. And my community will resume our Video Blogging Challenge again this September. We put a halt into this a bit coz it’s been hot lately and I end up sweating bullets video taping myself in front of the camera. Sure, there is A/C but the air condition makes too much noise when I’m taping.

      MyCommentAuthors is created by my friend Enstine Muki. It’s a brand new plugin. That’s what its for, to build relationship with your audience. I think I made a booboo on my first email to my audience thanking them for their comments. Enstine is going to create a tutorial video on this on how to do it right. You’re the techy one, Harsha. When you install it, perhaps you can teach me how. 😉

      You are so patient with me, Harsha. I admire that a lot about you. Thank you for reiterating with me these 2 plugins. When you mention it in your very first comment, I didn’t think they were plugins. What was I thinking? LOL. Again, thank you for making it lucid to me again. I will check them out asap.

      Oh Wow…are you serious? Wow!!! You have made my heart go pitter-patter. Wow…what a nice surprise from you. I never thought you would ask me. Sure!! I would love to. I will keep in touch. Thank you very much. Now, I’m all EXCITED!!!! <3

      Angela

      Reply
      • Harshajyoti Das says

        August 31, 2014 at 6:35 am

        You are most welcome Angela. You will find the details here: fireyourmentor.com/write-for-us/

        I would love to know more about “30-days Video Blogging Challenge”. Where can I find more info about it? Is it at facebook.com/groups/The30DayVideoChallenge?

        Have a blessed weekend.

        Reply
        • Angela McCall says

          August 31, 2014 at 10:19 am

          Harsh, how long have you been blogging? *curious*

          By the way, I just tagged you on Google+. I added you in my Circle and tagged you to join the “Video Blogging Challenge” at Google Plus.

          Look forward to seeing you there.

          Angela

          Reply
          • Harshajyoti Das says

            August 31, 2014 at 9:10 pm

            Thank you for adding me to your group. I wouldn’t consider myself a blogger. Until last year, I spent most of my time helping clients with their online marketing efforts (SEO to be more specific). I ran a couple of niche blogs but I outsourced 100% of the work to freelance writers.

            It was in Nov 2013, when I finally decided to quit work and start writing. So far, I have only written books and may be a couple of articles.

            I know I should start blogging now in order to promote myself. Hence, I am taking my baby steps. The video 30 day blogging challenge looks exciting. I plan to do a a series of videos on ‘How to promote a book’.

            Reply
            • Angela McCall says

              August 31, 2014 at 9:44 pm

              I guess my question should be like, how long have you been online instead of how long have you been blogging. Reason why I asked, last time I was interviewed, he vanished after 6-months later.

              I just want to make sure that people are not going to vanish from me in 6 months. I have Guest Posted only once with Harleena Singh, she is my “first” one. But that’s after I’ve known her 1 1/2 year. I know she is a very legit blogger and have been online for 4 years.

              Anyway, that link to my very 1st interview with this guy vanished. When he vanished, he left a broken link on my site. So I deleted that post too. Anyhoo, I am looking forward to seeing you in that “Video Blogging Challenge”. The person who manage that community is a professional Writer. And she’s a pretty good one supporting ALL of us in that community. She’s very inspiring. If you promote your book through video that would be AWESOME!!!

              Angela

              Reply
              • Harshajyoti Das says

                August 31, 2014 at 11:15 pm

                Hello Angela, I hear you. It’s often a pain to see people vanish. I understand your point completely.

                I have been online since 7 years now. I make a living online. Never had a day job.

                You can find more about me here: harsh.im/previous-interviews

                Looking forward to the video blogging challenge.

                Reply
                • Angela McCall says

                  September 1, 2014 at 12:58 pm

                  Thanks for understanding.

                  Wow!!! You have been online for 7 years! That’s a long time. You must love your career. 🙂 you seem very passionate about it. Kudos to you!

                  Thank you, Harsh, for leaving me that URL. I will check them out.

                  Gonna ask Bonnie Gean when she will start exactly on this Video Blogging Challenge. Did she accept you there in the community?

                  Angela

                  Reply
                  • Harshajyoti Das says

                    September 1, 2014 at 1:33 pm

                    I am still waiting for Bonnie. I am sure, she will act soon. Wish you a happy Labor Day !

                    Reply
                    • Angela McCall says

                      September 1, 2014 at 3:37 pm

                      Yes, she’s been very busy. She’ll get to it soon. I did message her already in that community and told her that I invited you there. Thanks for your patience!

  11. Joy Healey says

    August 31, 2014 at 3:03 am

    Hi Angela

    I’m back now after my trip away and thanks for this scary post. I mean that in a nice way 🙂

    When I was a very “baby” blogger – and actually doing all sorts of dumb things because I didn’t know any better – I had about 5 blogs hacked on the same day and boy what a nightmare that was. I got them back more or less intact and learned a lot from that episode. Although the blogs didn’t survive the test of time (and didn’t deserve to) I’ve never forgotten that horrid week of trying to put things back together again.

    Anyway, thanks for telling me about WordFence. I’ve now installed it on my own blog.

    Lets hope these scum just….. hack each others blogs!!

    Joy xx
    Joy Healey recently posted…My Comment Authors in August 2014My Profile
    Twitter: joy_healey

    Reply
    • Angela McCall says

      August 31, 2014 at 10:36 am

      Hi Joy,

      Yes, it was a scary post. I didn’t know it was this SCARY until I finally realize it was a Brute Force Attacks by some low life scumbag hackers. :/

      5 blogs haced on the same day…WOW!!! That is very SCARY. I believe Wordfence can repair your blog after it’s been hacked. Not that you want to be hacked, whatsoever. You want to PREVENT these morons from hacking your site. Ever since I got the premium, I don’t have anybody trying access my domain again. GONE. They all went to hell. Anyway, everytime I login my site now, it asked me now for that CODE that Wordfence sent me on my cellphone. This is terrific!!!

      Oh good. I’m so happy you installed Wordfence. You won’t be sorry.

      I’m not sure if hackers will hack each other’s blog. I think they’re all in cahoot together. Anyway, girlfriend, thank you for stopping by and commenting on my blog. As always I appreciate your presence. xoxo

      Angela

      Reply
  12. Siddharth Sharma says

    August 31, 2014 at 9:59 am

    Hey Angela,

    Brute Force attack is mostly common in wordpress blog if you run it without doing concentration on it’s settings and load . So, as we know everything wants re-check so we should check performance of our blog daily bases.

    Actually My writer also wrote a Article on same problem , but after a long time today i read this post on your blog too . you are also a good teacher for explain how to fix problem .

    Thanks for Share 🙂

    Reply
    • Angela McCall says

      August 31, 2014 at 10:41 am

      Hi Siddharth,

      Welcome to my blog! 🙂

      I don’t check performance on my blog on a daily basis. Wordfence does the job on sending alerts to me when hackers tries to intrude my blog. But now they’re all gone. Since I login via Cellphone sign-in now, I’ve got ZERO intruders. Wordfence sent them all to HELL. If they come back I have my shotgun ready!

      Thank you. I’m glad I explain this good. I don’t want other people to experience what I’ve experienced. It was *not* fun.

      Anyway, thank you for stopping by and commenting on my blog. Have a great Sunday!

      Angela

      Reply
      • Siddharth Sharma says

        August 31, 2014 at 9:25 pm

        Angela,
        It was my First visit on your Blog. And Now i will be regular to drop my comment on your blog posts as a Bloggers community.

        Thanks for Replying on my Comment.

        Cheers!

        Reply
        • Angela McCall says

          August 31, 2014 at 9:50 pm

          I am looking forward to getting to know you more, Siddharth. I will eventually visit your blog. As soon as I’m able I’ll be there.

          Angela

          Reply
  13. Maxwell Ivey says

    September 1, 2014 at 2:18 pm

    Hi angela; thanks for not just explaining brute force attacks and telling us how you stopped them but also for giving us the reminder about passwords and the links to all the great tools. glad to hear the problem is solved. best of luck, max
    Maxwell Ivey recently posted…Good health makes me a better blogger part 1My Profile
    Twitter: maxwellivey

    Reply
    • Angela McCall says

      September 1, 2014 at 2:48 pm

      Max, is this really you? What happened to your gravatar? It vanished.

      Anyway, Tim Bonner suppose to tell me how he stopped his brute force attacks when he was using the FREE Wordfence. I have the PREMIUM Wordfence and I stopped the intruders by having to have that CODE from the “Cellphone Sign-in” feature of Wordfence. And now I get ZERO intruders! My password changes everytime so it is never the same on the same day!

      Angela

      Reply
      • Maxwell Ivey says

        September 1, 2014 at 2:57 pm

        Hi angela; yes its really me. the other day robin hallett encouraged me to add my latest photo to my gravitar. she said it is so much better than any other photo i was doing myself a disservice not using it. well somehow while trying to add the new photo i did something to mess up my gravitar. I don’t know what. I asked a friend to look at it, but she didn’t find any problems. gravitar is easy to add photos to but hard to change the photo you have selected. I also may have changed which email dress is my primary one. just the usual tech challenges for a blind computer user. 🙂 thanks for checking, max
        Maxwell Ivey recently posted…Good health makes me a better blogger part 1My Profile
        Twitter: maxwellivey

        Reply
        • Angela McCall says

          September 1, 2014 at 3:41 pm

          Hi Max,

          I know what you are saying. Once you create your gravatar it’s very hard to change the photo there. You have no idea how many times did I attempt to change my photo there but it’s very hard.

          I don’t know why WordPress make this very confusing. I don’t think a new blogger will ever get this. Coz I try to register a gravatar for my client and I never got to the Gravatar Page where I have to upload her photo there. Somehow, her gravatar from Facebook just appeared when I try to use her email address. So weird. I don’t understand the Gravatar thingy here anymore either.

          Angela

          Reply
  14. Rohit Sharma says

    September 1, 2014 at 9:50 pm

    Hello Angela,

    Thank Goodness your blog was saved in all this mess.

    We can’t determine what can these hackers do and all those attacks may seem just the regular for a simple blogger. Hence I guess we have to take measures to secure our blog carefully.

    I wasn’t aware with wordfence security plugin but now that you have mentioned it, I am definitely gonna try that.

    I used Sucuri Firewall and their WordPress plugin and they are working quite well.

    Anyways thanks for sharing this article, its very informative.
    Rohit Sharma recently posted…Torrentlocker Ransomware and How to remove itMy Profile
    Twitter: rohitsharmacr

    Reply
    • Angela McCall says

      September 1, 2014 at 10:21 pm

      Hi Rohit,

      Welcome to my blog! 🙂 I just whitelisted you. Yes, thank God that my blog was safe. I couldn’t be any happier. It was a joy to know that these hackers were stopped.

      I am so glad that I got a paid version of WordPress and installed Genesis. The guy who mainly designed Genesis is the guy who “specialized” on SECURITY. And so Genesis is pretty secure. I’m so glad I have a paid WordPress theme. Or this would have been a lot easier to be hacked.

      Sucuri is pretty good also. It works like Wordfence, from what I’ve heard from other users who are using it. So I believe you are okay. If you know how to adjust Sucuri when you are “under attack” that will be all you need to know. But I didn’t know what to do then when I was “under attack”. The user Tim Bonner was the one who introduced me to using Wordfence and he’s only using the FREE version of this now. And he said that when he was under attack, he put his traffic “under throttle and on Cloudflare” whatever these means, I have no idea!

      But with me I bought the premium Wordfence and put my blog under “Cellphone Sign-in” from now on. And so my password change every time through that CODE they sent me via iPhone. NO ONE can invade my blog unless they have THAT code!

      Thanks for stopping by. Have a great week.

      Angela

      Reply
  15. Neamat Tawadrous says

    September 3, 2014 at 8:32 am

    Hi Angela,

    Sorry to hear about your Dilemma but Wow, you scared me to death.

    I have to strengthen my password further and make the necessary precuations. I will try and get the Wordfence. I already have Limit Login Attempts.

    Thanks Angela for sharing your experience with this for us to wake up. Highly appreciated.

    Be Blessed,

    Neamat
    Neamat Tawadrous recently posted…3 Tips To Kill Information Overload And Start Focusing!!My Profile
    Twitter: nkeriakos

    Reply
    • Angela McCall says

      September 3, 2014 at 1:14 pm

      Hi Neamat,

      It was very scary and stressful. I couldn’t sleep.

      Thanks for the Wordfence “Cellphone Sign-in” feature, I love it. Also, I installed the “Lockdown WP Admin” plugin which *hides* your admin area. When a hacker tries to enter “wp-admin” it sends them to the 404 Error. So I love this plugin. It works really well. Also, everytime I logout from WordPress, I have to enter a different CODE again from Wordfence. Everytime I sign-in it is always different. Some people don’t like to do this. But to me I only sign-in my computer browser once and it stays there until I logout my site or until I clear the cache on my browser.

      You’re welcome. I don’t this to happen to you or to any of my friends and clients. So that’s why I was highly motivated to write this post. Anyway, thank you for stopping by. Have a great week!

      Angela

      Reply
  16. donna merrill says

    September 4, 2014 at 8:51 am

    Hi Angela,

    I’m seeing this a lot around the blogging world. For the life of me, I cannot understand why these hackers do it!

    In all honesty, I have no idea which kind of security I have on my blog because I use Krishna World Wide which is Kumar’s. I have received calls from Kumar telling me what is going on as he fixes it.

    Now you know me, I cannot stand wasting my time and energy fighting off hackers, I leave that up to Kumar and his awesome service. What hosting company actually calls you up and tells you something is going wrong and they are on it? I’m thrilled that I made to choice to be with Krishna World Wide.

    I do get attempts all the time, but Kumar is on it. Am I completely safe? Who knows?

    I do change my password often and make it very long. I use LastPass to remember it.

    We all can do the best we can, but hackers will always find a way to get around things. When I check my spam folder,it is all filled up with “buy Gucci shoes” and long unreadable things. Yes, I too get them all from China.

    To me, once we are out there, there is always going to be hackers doing their thing for God knows why! Even identity hackers. Now that is one scary thing to go through.

    But whatever comes our way, there is always an answer to the problem. Yes, it is very upsetting, but it all comes with the turf!

    I recently looked myself up on Bing just because. I found a website that had many of my blog posts on it. It raised a red flag because I didn’t know who the heck this chick was. So I dabbled around and seen that it all clicked back to my blog. I got in touch with her and asked her what was going on. She was “curating” posts. But as long as she was mentioning me and linked to my blog, I was OK with that. I just wanted her to know I noticed it. ((sigh of relief))

    Thanks for sharing this and all the links you posted because many bloggers still are using Admin, or have weak passwords.

    -Donna
    donna merrill recently posted…Do You Have Loyal Customers?My Profile
    Twitter: donna_tribe

    Reply
    • Angela McCall says

      September 4, 2014 at 11:56 am

      Hi Donna,

      Me too. I cannot figure out why hackers do this. Some just do this for fun. There are all sorts of crazy people out there. For some it is a challenge. To another it is all because of money.

      Krishna World Wide seems very good. Kumar just told me that he used Sucuri on SECURITY on his blog. But I’m not sure what he uses on his hosting service clients, I’m technically short about this. My hosting service is Hostedsafe.com and it’s own by a husband & wife only. This is not big entity like Hostgator. I love little companies like Kumar’s, Carol Amato’s, or Geoff’s (Hostedsafe). They talk to me more on a personal level vs big companies it’s more commercialized.

      I think Kumar is great for providing this service for you. I’m not sure how this works with Hostedsafe. I know Geoff keep on top of all things and he goes to Forum daily to keep the latest news on SECURITY for his hosting service. Say…if the hosting service is hacked, is that mean that they can get into your website also? I figure, Yes. Right? But say…they are only trying to hack your site, the whole hosting service is not affected, right?

      Kumar is pretty good on keeping things on TOP. It’s good to know that you’re pretty happy with him. I will keep this in mind, just in case I might need his service one day too.

      I thank God for LastPass. Without it, it’s impossible to run a blog and access social media without having too many hassles remembering each and every single password.

      Gucci shoes from China? Hmmm. I didn’t know they are made there. *LOL* Yes, China is very aggressive country. I think that’s why they wanna hack your site. To redirect sales!

      Yeah. I tell ya these “identity hackers” have some nerves!! There is an Internet Police you can report these guys, right? I have been impersonated before from my previous personal website. This gal pretended like me. She uses my identity and created a bogus website with all of my pictures in there. Emailed her and said that if she doesn’t take down my photos within 24-hours, I will use other alternative and that I have CC’d my lawyer upon sending this letter. Man, she took it down FAST!!

      Guess in this world there is the BAD, the UGLY, and the BEAST of all kinds.

      It is scary to see all your posts on someone’s website. Thinking, what are they doing? Are they trying to copy me or what? But so long as they are putting a link back to your site, that is okay.

      I tell ya…for the life of me, why in the world anybody used “admin” as a username? Even if I am a new blogger, this doesn’t make sense. I’ll just go ahead and use another username besides ADMIN. *rolls eyes* And why use “123456” or “test” for a password? Again…*shakes head* these people DO NOT have common sense. It doesn’t take a mental giant to figure this out. Even elementary can figure this out. Anyway, thanks for adding value to my post, Donna.

      Have a nice & wonderful weekend.

      xoxo
      Angela

      Reply
  17. Tim Bonner says

    September 5, 2014 at 5:45 am

    Hi Angela

    Thank you for linking to my post and I’m sorry I’ve not stopped by before now.

    Brute Force attacks are scary and I had them a few times when my blog was hosted at HostGator. WordFence and Cloudflare did a great job then to keep the attackers at bay.

    I can’t use WordFence now I’ve moved my blog to a managed WP host but I still use it on the sites I have left at HostGator.

    With regard to how I stopped the attacks on my site, in the WordFence settings I changed the security level to 4 – Lockdown. That changes all of the Firewall settings to the recommended ones by WordFence if you’re under attack.

    In CloudFlare I also changed the Basic Protection Level to “I’m Under Attack!”. That’s more for DDoS attacks but I did it anyway! If you know which country the Brute Force Attacks are coming from you can also use CloudFlare to challenge those people. They then have to complete a captcha before they will get through to your site. This is pretty effective against bots.

    Using WordFence and CloudFlare in tandem in this way helped me but it can disrupt the experience other users to your site might have such as loading speed.

    I hope this helps Angela but let me know if you need any further input from me.
    Tim Bonner recently posted…5 Ways To Make Self-Promotion Work For Your BlogMy Profile
    Twitter: timbo1973

    Reply
    • Angela McCall says

      September 5, 2014 at 12:51 pm

      Hello Tim,

      I really appreciate you stopped by here. Thank you very much. 🙂

      So I believe Cloudflare is another plugin combined with Wordfence, right? I just checked the Cloudflare plugin and it’s there to be added. I might experiment on this a little. I have another website that I’m going to construct which is angelamccall.net. I don’t know what I should put there yet. Perhaps I will put my affiliate products and experiement a little bit on the POWER of FREE “Wordfence and Cloudflare” combined. So far I’m pretty happy with the PREMIUM Wordfence. Couldn’t be any happier having to know that these morons won’t be able to sign-in my blog unless they get the Wordfence CODE via Cellphone Sign-in. So far I have ZERO intruders! The intruders I was having then (like 1-2 a week) is also GONE since I got the premium.

      Yes, I heard you moved to a different hosting service. That’s great.

      You changed the security level to 4-lockdown. On that Wordfence > Options > Firewall Rules — I only see this: angelamccall.com/wp-content/uploads/2014/09/wordfence-firewall-throttle.png — and it doesn’t tell me where the lockdown is. It only says there “throttle it” or “block it”. Am I missing something here?

      Thanks for telling me about the Cloudflare. I’m going to install Genesis in angelamccall.net just to experiment on Wordfence & Cloudflare then I will make a tutorial video to help those who are using these FREE plugins.

      Oh I see…thanks for sharing this “disruptive experience of loading speed” on Wordfence & Cloudflare. So far the speed on my site having that Wordfence is okay.

      Thank you sooooooo much, Tim, for all of your help and for adding value to my post. I do hope that people read your comment here. But if not, my next “tutorial video” will be about Wordfence & Cloudflare. Anyway, you have yourself a very wonderful weekend. Talk to you more later.

      Angela

      Reply
      • Tim Bonner says

        September 5, 2014 at 1:13 pm

        With CloudFlare you need to set up a free account on their site or via your cPanel if you have the option. If you do it via their site it will try to import your DNS settings for you. I had to set it up manually though when I moved to my new host.

        If you install the plugin, then it will sort out visitor IP addresses so that they show correctly rather than ones from CloudFlare. In WordFence if you’re using CloudFlare, you need to update the setting “How does WordFence get IPs?” to “I’m using CloudFlare so use the “CF-Connecting-IP” HTTP header to get visitor IP”.

        The security level is under WordFence > Options > Basic Options. There’s a dropdown where you can choose specific security setups.

        In terms of the “disruptive experience of loading speed” I was meaning if you have both WordFence and CloudFlare on high security settings. Under normal circumstances and usual security settings your visitors shouldn’t notice any detrimental impact on loading speed, depending on how many other plugins you also have active.
        Tim Bonner recently posted…How To Pack More Into Your Blogging DayMy Profile
        Twitter: timbo1973

        Reply
        • Angela McCall says

          September 5, 2014 at 1:51 pm

          I just registered myself in Cloudflare. I didn’t not install this on angelamccall.com but I did install it on my client’s website because I am still keeping its maintainance. However, I don’t understand their DNS part here. Wow…there is a lot to know here. I just got the API installed in my client. But I don’t know how to set the “I’m Under Attack Mode” yet. I just know they are here: https://support.cloudflare.com/hc/en-us/articles/200170056-What-is-CloudFlare-s-Basic-Security-Level- and bookmarked it. It would be nice to show this on my tutorial video step-by-step in a language that my client and readers can understand.

          So Tim, where can I find “How does WordFence get IPs”? Sorry, I am getting dizzy here…haha… 😀 you can tell I’m not really the techy person. But I force myself so I can understand this and help my clients, friends, and followers.

          Ah, I see. I went to Wordfence > Options > Basic Options. And I saw the dropdown to “Level 4: Lockdown”. I have never really used this area. So now I know. Do you only put Level 4 there when you are “under attack” coz if the site is not under attack, this might slow down the site right?

          As far as “disruptive experience of loading speed” is concerned, I shouldn’t worry setting Wordfence and Cloudflare now on high security settings coz my client’s website is not under attack. Right? She is not a blogger. But she is only having a website, so when she goes to Meetup she can tell these offline networkers to go to her website all-in-one. She has 5 different businesses rolled into one website. Anyhoo, she should be okay.

          Angela

          Reply
          • Tim Bonner says

            September 5, 2014 at 2:11 pm

            The “How does WordFence get IPs” dropdown is also under WordFence > Options > Basic Options. It’s the one below the Security Level setting.

            You only need to change the security levels to high on WordFence and CloudFlare if you’re under attack from a Brute Force or DDoS attack.

            With the DNS settings, CloudFlare usually tries to detect them when you add a site to your account. Did that not happen? If not, you’ll need to set them up. I’m not an expert with DNS but I’m sure I could point you in the right direction if you need some help.
            Tim Bonner recently posted…Building An Opt-In Landing Page Without Breaking The BankMy Profile
            Twitter: timbo1973

            Reply
            • Angela McCall says

              September 5, 2014 at 2:38 pm

              Oh yes, I have that checked already. 🙂

              Ah, that make more sense!

              Yes. Cloudflare scanned all the domains I added there. I will have to check on this DNS thingy. I just ask you again if I need to do so.

              On Cloudfare website it says here:

              “I’m Under Attack Mode should only be used when a site is having a DDoS attack. Visitors will receive an interstitial page for about five seconds while we analyze the traffic and behavior to make sure it is a legitimate human visitor trying to access your site. I’m Under Attack Mode may affect some actions on your domain, such as using an API. You’re able to set a custom security level for your API or any other part of your domain by creating a page rule for that section.”

              What is a DDoS attack?

              Angela

              Reply
              • Tim Bonner says

                September 5, 2014 at 10:49 pm

                It’s a Distributed Denial Of Service Attack.

                You may have seen or heard reports of AWeber and GetResponse and other sites being hit by DDoS attacks a while ago.

                It’s when someone deliberately sends a massive amount of traffic to a site so it falls down and no-one can access it.

                These attacks often come with a ransom note request for money to stop the traffic from coming!
                Tim Bonner recently posted…Do You Really Have Anything Useful To Say?My Profile
                Twitter: timbo1973

                Reply
                • Angela McCall says

                  September 6, 2014 at 12:19 am

                  OMG…that happened to Adrienne’s hosting service. They’ve attacked the whole entire site and she couldn’t access her site. It was a nightmare!

                  So they have to ask for money for a ransom? Wow…what a hostage! This DDoS attack is very serious. Thank you for explaining this to me. I already wrote my Part 2 “How to Stop Brute Force Attacks” with a tutorial video and I mentioned you on there, showing your website to my readers. Just to thank you for taking the time to explain all these to me.

                  Angela

                  Reply
                  • Tim Bonner says

                    September 6, 2014 at 12:32 am

                    Thanks Angela! I appreciate it :-).
                    Tim Bonner recently posted…5 Ways To Make Self-Promotion Work For Your BlogMy Profile
                    Twitter: timbo1973

                    Reply
                    • Angela McCall says

                      September 6, 2014 at 1:14 am

                      Oh gosh, I worked so hard on this “tutorial video”. So many take 2…3…4…10… It’s now 1:14 am here and I just finished editing this video. I hope it really SAVE someone from the brute force attacks!

  18. Steven J Wilson says

    September 7, 2014 at 2:14 am

    Hey Angela,

    I am here by way of Lisa’s blog Inspire to Thrive. I spotted your comment and have notice you in several of other blogging circles I visit.

    Nice to meet you and I’m glad I did.

    I personally have never had to deal with Brute Force Attacks. I’m glad cause I can tell that that was a very uncomfortable situation to deal with. Whenever I get one notification that something might be wrong I get super nervous and you had plenty.

    I accredit most of this to Wordfence since I have been using them for a while now and love them. They offer a lot and do it well.

    I also use Lastpass and think that it is something that we all should be using. If I had to keep all my passwords in a notebook or something I would never get anything done 🙂

    Sharing this now as it is beneficial to a lot of people and they should hear what you have to say on this topic for sure.

    Looking forward to coming back again. Have a great rest of the weekend Angela!

    Reply
    • Angela McCall says

      September 7, 2014 at 8:23 am

      Hi Steven,

      Welcome to my blog! 🙂 I am so glad you spotted my comment and I’m so happy to see you. Btw, I am one of Lisa Irby’s fan.

      *shakes hand* Nice to meet you too.

      You’re pretty lucky to not experience Brute Force Attacks. I tell ya it’s not fun. I have lost sleep over it. They didn’t stop the attack until I activated the Cellphone Sign-in and block a couple of countries. Before the Brute Force Attacks, I used to get 1-2 intruders a week. That didn’t bother me at all coz I know Wordfence is doing its job. However, when I saw hundreds in a minute, YIKES!!! I had to do something. According to my research on this, there is a new password cracking software now that tries 8 million times per second to crack a password. This is so uncanny.

      Me too. I love Wordfence. Their free version does a real good job. It alerts me when there is malware, virus, or phishing going on. It also alerts me when I need to update other plugins. And it blocks the fake google bots and more.

      I dunno what I’ll do if I didn’t have LastPass. This program is the greatest. It really helps me remember all my passwords since I’ve got hundreds of them. And each of my password is different from each social media and blog.

      I think each newbie needs to know this. Coz I didn’t think this would happen to me. But Tim Bonner shared his experience when he had that Brute Force Attacks and by reading his post, I’ve learned something and installed Wordfence. I had Login Limit Attempts before Wordfence, but I like Wordfence better. Thank God I’ve installed a SECURITY plugin before the attack. So yeah “Knowledge is Power”.

      Thank you, Steven, for stopping by. I really appreciate your presence here. Have a great Sunday and I’ll see you around…

      Angela

      Reply
  19. Akash says

    October 1, 2014 at 6:41 am

    Yah.. it just sounds scarry!! its not too late for protection.. i just install all plugin for my wp security..

    Reply
    • Angela McCall says

      October 1, 2014 at 4:12 pm

      Glad you took it seriously. My niece just lost her website through a hacker. The hosting service got hacked. And so she couldn’t do much about that. SECURITY is highly important and must consider the 1st priority.

      Angela

      Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

CommentLuv badgeShow more posts
You can add a link to follow you on twitter if you put your username in this box.
Only needs to be added once (unless you change your username). No http or @

Subscribe to My Newsletter

First Name*
Last Name*
Email*
eg.xyz@gmail.com
We respect your privacy
Email Marketing by INinbox

Featured Posts

Fear Of Their Computer

Fear Of Their Computer

It was that one afternoon when me and my sister decided to go to Starbucks. She wanted me to teach her how to do her resume online. And so we bought coffee and sat down. While I was showing her how to do Linkedin, Google+, and Facebook, she suddenly freaked out when I was asking […]

  • Do You Know Your Why’s?
  • Is Networking On Facebook A Waste Of Time? Checkout the Infographic!
  • Why Aren’t You Blogging Your Business
  • My 2nd Blog Anniversary
  • The Great Work-at-Home SCAM: Baron Infotech Ltd.

Most Popular Posts

  • Promote Yourself (88)
  • Blogging is Not for the Weak (80)
  • Hostgator Sinking Like Titanic (68)
  • 21 Best WP Plugins (68)
  • Hostgator Customer Service Down the Drain (66)
  • SPAM: Get Rid of Evil Spammers Once and For All (64)
  • Top 4 High Paying Alternatives to Google Adsense (60)
  • My Best Gifts for Christmas (60)
  • How to Stop Brute Force Attacks (Part 1) (60)
  • My 2nd Blog Anniversary (56)

Search

Mission

AngelaMcCall.com is a design and marketing service spearheaded by graphic designer, Angela McCall. With over 15 years professional design experience, Angela formed this creative service to partner with printers, entrepreneurs, developers, … read more...

Choose Responsive Design

You want your site to adapt to all kinds of screens because your visitors may be using iPhone, Smartphone, iPad, Tablet, Laptop, or Computer. A responsive website design can respond to fit for better viewing on any screen. That's why you need responsive design...

Categories

Follow Me

Follow Me on Google+Follow Me on LinkedInFollow Me on YouTubeFollow Me on FacebookFollow Me on Pinterest

© Copyright 2014 · Angela McCall · Private Policy · Disclaimer · Sitemap