You may be thinking, “Who in the world would want to hack my lowly little WordPress website?” Well 48 hours worth of data from a brand spanking new WordPress website may just show you. I installed a fresh copy of WordPress on a new domain on February 1, 2017. By the evening of February 3, 2017, the backend of this site (wp-login.php, almost exclusively) had been attacked 172 times! Russian IP’s were responsible for 145 of these attempts, two in the time I’ve been writing this post. Ukrainian IP’s came in a far distant second. Now, IP’s can be spoofed, but this just shows that even lowly little WordPress installs are constantly being probed for weaknesses.
Update 2/11/2017:
Just an update on how the Russians are still going after the wp-login.php on this site. We’re now at 748 attempts blocked by IQ Block Country. Caveat: The site you’re reading right now has over 10K attempts and the Russians aren’t even on the list. It is easy to spoof an IP address, so who knows who is really behind it all. The simple take away is that there are hackers out there who want to get into your WordPress site. This is just the first step at keeping them out.
Update 2/28/2017:
It’s been just a month since I published this particular WordPress website, so here’s another update. Russian IPs continue to pound on this site, still going after wp-login.php. We’re now at 1861 attempts by Russian IPs blocked by IQ Block Country. Again the Ukraine is a distant second with 111 attempts.
Update 3/28/2017:
We’re two months in and things seem to be slowing down just a bit. From February 25 through today, we had the following countries blocked. Russian IPs still top the list by quite a bit. Lots of IPs are being used as you can see that the top host only has 13 attempts.
IQ Block Country
One of the first plugins I now install on a new WordPress website as a matter of course is a cute little plugin called IQ Block Country written by Pascal van Rossum at https://www.webence.nl. This very cool little plugin with only around 20K+ installations packs a huge punch when it comes to keeping the wolves from your digital doorstep. Note: IQ Block Country does NOT play well with several WordPress caching plugins, including W3 Total Cache, Hypercache, WPRocket. It DOES work well with Comet Cache (our caching plugin of choice) and WP Super Cache.
In order to install IQ Block Country, you need to have sFTP access to your site files. This plugin relies on the free GeoLite database from MaxMind, which is 99.5% accurate. That’s pretty good for a free database. If you need higher accuracy, you can buy a license from MaxMind directly. The installation instructions are clear and straightforward and the needed links are included. You’ll need to download GeoIP.dat.gz from MaxMind, uncompress it and upload the resulting GeoIP.dat file to your /wp-content/uploads/ folder via sFTP.
Block the World from your WP Backend
Once you have the database uploaded, you can access the settings in IQ Block Country. The plugin has the ability to block EVERYONE from EVERY country other than your own from either the backend, the frontend or both. Just go to the backend settings tab (see below) and select your own country from list. Then make sure you invert the selection. There’s a little checkbox for this. If you don’t invert the selection, you’ll lock yourself out. You can also whitelist your current IP address (again, see below). I usually leave the frontend settings alone, but you can also set similar blocks if needed.
Pascal van Rossum, the author of this wonderful plugin, has made it freely available for all of us to use. If you try this plugin out (and you should), please help support his efforts. Do yourself a favor and just block the rest of the world out of the backend of your site. There are enough threats at home without adding to the noise. More about the layers of security we use coming soon.