
Put A Firewall Up To Protect Your Blog From Attacks

I usually wait a while before doing update posts so the original post gets seen by quite a few people. I’ve never, ever posted an update straight after the original post. However, since my last post about how My Blog Was Hacked And What I Did About It, I’ve decided this update is so important I should post it straight away.

First off I would like to thank Keith of Public Speaking and Presentations for putting me onto John Hoff and his post about how to easily set up a WordPress firewall for your blog. Because of that post I’ve installed SEO Egghead’s WordPress Firewall Plugin! You see, where my previous post showed you how to protect yourself from someone hacking into your blog’s dashboard, this one protects you from the more malicious attacks, the sort that use SQL injection. Without this plugin hackers can tamper with your files without ever gaining access to your dashboard. I urge you to read John’s post and to install this plugin.

Firewall separating zones of trust
Image via Wikipedia

Since its installation I’ve been notified of several attacks on this and one of my other blogs. If I hadn’t installed the plugin, not only would I not have known about the attacks, my blog may very well have been compromised. Once an attack occurs you get an email telling you which file they tried to compromise as well as the IP address of the offender. Apparently all the attacks so far have been “Directory Traversal Attacks”. You can read about these and other attacks that a blog may be susceptible to here. Yeah, I know there’s no SEO value in that link, but screw SEO, it’s more important that I get this post out as quickly as possible.
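To make that notification concrete, here is an added example in Python, my own code and not the plugin’s: a small request filter that does what the post describes. It catches `../` traversal in the path or any query parameter (including percent-encoded and double-encoded forms), flags requests for files like wp-config.php, skips a whitelisted owner address the way the plugin does once you add your own IP, and tallies the offending IPs. The sample requests, addresses, parameter names and whitelist are all constructed.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample requests (client IP, request URL); not real log data.
SAMPLE_REQUESTS = [
    # Hypothetical blog owner editing a theme file from the whitelisted address.
    ("203.0.113.5", "/wp-admin/theme-editor.php?file=../twentyten/style.css"),
    ("198.51.100.7", "/index.php?page=../../../../etc/passwd"),
    ("198.51.100.7", "/index.php?page=..%2F..%2Fwp-config.php"),
    # Double percent-encoded: %252e decodes to %2e, which decodes to '.'
    ("198.51.100.9", "/index.php?page=%252e%252e%252f%252e%252e%252fwp-config.php"),
    ("198.51.100.9", "/wp-content/plugins/example/download.php?f=wp-config.php"),
    ("192.0.2.44", "/?p=1"),
    # A search containing '..' mid-sentence: must not be a false positive.
    ("192.0.2.44", "/?s=what%20is%20..%20anyway"),
]

# Assumed owner address to whitelist, the way the plugin whitelists your own IP.
WHITELIST = [ip_network("203.0.113.5/32")]

# '..' standing alone as a path segment (start of value, '/' or '\' around it).
# A search for exactly ".." would still trip this, so expect the odd false positive.
TRAVERSAL_RE = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
# File names nobody should be requesting through a blog parameter.
SENSITIVE_RE = re.compile(r"(wp-config\.php|/etc/passwd|\.htaccess)$", re.IGNORECASE)


def fully_decode(value, max_rounds=3):
    """Percent-decode until the value stops changing, so double encoding is not missed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request(client_ip, url):
    """Return (blocked, reason, field) for one request.

    field names the URL part that tripped a rule: "path" or a query key.
    """
    if any(ip_address(client_ip) in net for net in WHITELIST):
        return (False, "whitelisted", None)
    parts = urlsplit(url)
    candidates = [("path", parts.path)]
    candidates += parse_qsl(parts.query, keep_blank_values=True)
    for field, raw in candidates:
        value = fully_decode(raw)
        if TRAVERSAL_RE.search(value):
            return (True, "directory traversal", field)
        if SENSITIVE_RE.search(value):
            return (True, "sensitive file name", field)
    return (False, "clean", None)


def scan_requests(requests):
    """Run every request through the filter; return the alerts the owner would be emailed."""
    alerts = []
    for client_ip, url in requests:
        blocked, reason, field = inspect_request(client_ip, url)
        if blocked:
            alerts.append({"ip": client_ip, "reason": reason, "field": field, "url": url})
    return alerts


def offenders_by_ip(alerts):
    """Count alerts per source address, for keeping a record of repeat offenders."""
    return dict(Counter(alert["ip"] for alert in alerts))


if __name__ == "__main__":
    found = scan_requests(SAMPLE_REQUESTS)
    for alert in found:
        print(f"blocked {alert['ip']}: {alert['reason']} in {alert['field']} ({alert['url']})")
    print(offenders_by_ip(found))
```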

Since being hacked and seeing these attacks I’ve decided to change my user name, because I admit it, I’ve been a real wanker: I’ve used admin as my user name. Why? Because it’s the default and I never thought twice about it. The problem with admin is that most blogs use the default, and by doing that we’re making it very easy for the hacker to get in. He already has the user name, so all he has to work out is the password. How do I know this? Because every email I’ve gotten so far telling me of attempts to gain access to my blogs has used admin as the user name.

Quick Tip: You know you have to change your user name when you get an email that someone has used it in an attempt to log on.

The problem is that you can’t change the name from the dashboard. Apparently you can change it by accessing your database, but that’s too damn hard for most people, me included, which is why I found a plugin that will do it for me. You can access this from the dashboard using the Add New selection in your plugin menu. Just type Admin renamer extended in the search box and you’re good to go. If you have an easy password it’s probably a good idea to change that as well.

Admin renamer extended

If you ever needed to promote a post via your favorite social media site, Twitter, Facebook or whatever, then I would highly suggest that this is the one. It’s probably a good idea to join my list so you do not miss out on these very important updates.

Copyright secured by Digiprove © 2011


Peter Pelliccia

I'm an Aussie blogger who loves to blog and share everything that I've learned on my blogging journey, including blogging tips and ways to blog for money. I am also trying to make my way on YouTube. You can follow my progress by subscribing to My Bonzer Channel.

This Post Has 93 Comments

  1. I never had problems with my blog as far as malicious attacks. I use WordPress Firewall 2 and it works like charm.

  2. Thanks for the heads-up Sire. I’ll look into this firewall plug-in as soon as I check with my host admin. I know they have some pretty tough firewalls installed, and it’d be just my luck that I’d install another thinking I’m doing something good that will bite me in the niney.

    But I will definitely look into this today. Thanks!

    1. No worries Allan, I’m sure it will be OK,


  3. It sounds like you have found what is at the root of your hacking problems. So glad you know what is going on, and that you’ve been able to take some preventative measures to keep it from happening again.

    1. I can’t be sure it’s the same guy Allie, but either way they’re going to find it a lot harder to get in now.

  4. Ever since I followed your previous post’s advice about that plugin that limits login attempts, I’ve received 2 emails about attempts to access my blog from some foreign IP. I’m not sure but this may be a probable answer why my stats record considerable traffic from a particular country called which btw is the country from which the hacker of my blog last year admitted to be from.

    Thanks to this follow up post. I’ll definitely be installing that firewall plugin and read up on the renaming of the user name.

    1. And now that you will install this plugin James you will get more emails telling you of attempted hacks on your blog. At least you will know it’s happening and armed with the information you will at least be able to ban the offending IP’s.

      1. Having the power to ban IPs? Wow, this is not just passive defense. More like active defense, bordering on offense. Great.


      2. I figure at some point we’re going to have to find someone who can teach us how to ban certain IP addresses, because I don’t have any idea how to do that.
        Mitch recently posted… Quick Hitters Two


          1. Okay, saying one can do it via .htaccess and assuming everyone knows what that means and how to do it is another thing. :glurps_tb:
            Mitch recently posted… EzineArticles Plugin Is No More

  5. I will check it out, Thanks for the tip.

  6. Hello,

    Using a firewall became such a ‘not trendy’ thing, but we all tend to forget about the risks we’re exposing ourselves to, at least – the risk the ones that don’t use firewalls are exposing themselves to. Also, I am sincerely afraid of getting hacked too, so I downloaded wordpress-firewall.php too because I really need to be secured. It’s never ‘too much’ for being secured; we, the webmasters, always need to stay updated as much as possible and keep our security as high as possible. Thank you very much for helping me secure my blog with this plugin, I am very grateful.

    Best wishes,

    Ionut

    1. Better to be safe than sorry, that’s what I always say.

  7. Glad to hear you got some security sorted; I have been using the 4G (soon 5G) Blacklist from Perishable Press. So far it has been working ok with me.

    though will check out the original plugin also.

    1. The only 3G and 4G that I know of have to do with the mobile phone network?

      1. Haha, the 3G and 4G are just version names. The project itself slips into your .htaccess file and prevents some malicious scripts running, some spam protection etc. Suggest you give it a look.


  8. I read this and went to install it through the blog, and it seems there’s an updated version, WordPress Firewall 2, from the same people, and that’s the one people should upload. I hope you got the newer one. Glad you wrote about this, though; I’ve had some attempts to hack into my blog in the past 24 hours and the other plugin blocked it, but it looks like these sneaks are coming for us.
    Mitch recently posted… Do You Want Accountability Or Activity

    1. Actually Mitch, John spoke to the author of the original plugin and he said it was a copy and recommended installing the original because he can’t guarantee that nothing untoward was added to it. I took his advice and went for the second one.
      Sire recently posted… 11-Inch MacBook Air Review


      1. Actually, I’m thinking it almost has to be the 2nd version because the first version says it’s for 2.X, and we’re not on that version anymore.
        Mitch recently posted… Twitter Numbers What The Hey

        1. The original plugin was developed by SEO Egghead, Inc. The one you installed is a copy of the original. In its description it states at the end

          Originally developed by SEO Egghead and released as WordPress Firewall.

          I originally installed that one but on John’s recommendation I ditched it for the real thing.

        2. Hi guys. Just to shed some light on this, I emailed the original WordPress Firewall author (SEO Egghead) back in November and asked him about this.

          Here’s our email conversation (I’m sure he won’t mind me showing it):

          ME:

          “Hi there. I authored a WordPress security ebook called WordPress Defender and I have a question about your WordPress Firewall plugin. I noticed WordPress Firewall 2 is out but it’s by a different author. I have a few of my customers asking me about the plugin because Matthew Pavkov is listed as the author. Are you working with him or could you shed some light on this so I can inform my customers about what’s going on with WF2?

          Thanks, John”

          SEO Egghead’s Reply:

          “No. That’s unauthorized and I don’t even know who he is. If he updated it, it would be nice if he talked to me and credited me :)

          I heard of a few issues with new versions of WP. Others don’t have a problem

          If you give me a few days, i’ll do a final update so you can include it.

          Thanks for checking with me.”

          The reason why WordPress Firewall only says compatible up to 2.x is because the plugin owner hasn’t gone into the WP plugin repository and updated the profile.

          It still works just fine. I use it on 5 different sites.

          I’ll email him though and let him know that it might be a good idea to update that profile.

          1. Thanks for that John and I can also vouch for it as I’ve used it on all my blogs.


          2. Thanks for going that extra step, John. So it seems I’m running the “fake” version. I’ll go load the other one, although right now the “fake” one seems to be doing something, even if that something is scaring me to death with all the warnings. lol
            Mitch recently posted… Are You Ready For “Controversial”

            1. Hi Mitch, no problem.

              The plugin is probably fine but who knows…? The original works just fine with me.

              A lot of those warnings might be false positives. Sometimes a legit script or bot can trigger it.

              Watch for warnings where there’s something explicit which you know had to have come from a person.

              For example, here’s a screenshot of one of my warnings which clearly was someone trying to hack into my database.

              Firewall Block


  9. Sure, as I’ve already loaded the other one on all my blogs. Maybe it can’t be guaranteed, but the rankings for the 2nd one are higher, almost perfect, so I might change one just as a test, but I’m going to hope I’m good overall.
    Mitch recently posted… Why You Need A Comment Policy

    1. I’m sticking with the SEO Egghead version. Honestly though Mitch, the most important thing is that we have it installed, that’s what really counts.

      I’m going to record all the IP’s that are trying to hack in just for curiosity sake.
      Sire recently posted… What Affiliates To Promote To Blog For Money

        1. Well the guys from SEO Egghead told John they couldn’t vouch for the copy so I reckon it’s safer to go with the original, which is what I did.

        1. I went to one but there was nothing there. I think perhaps it’s a good idea to record them so we could ban them at a later date.

        2. The thing to remember here is that IP addresses can be masked. For example, you can go to MegaProxy.com and surf the web under a different IP address.

          If you notice the same IP address keeps attacking you, then ban it via .htaccess, otherwise the IP ~probably isn’t the real attacker’s IP.

          About the WordPress Firewall 2 plugin.

          I guess I look at it like this. If this plugin author TOTALLY and very secretively copied someone else’s work and claimed the name as his own (not to mention it’s a plugin which is supposed to “defend people’s rights”)…

          Who knows what else they are hiding, pretending to be, etc.

          It’s up to you which version you want to use. I’m not a PHP programmer so I haven’t checked ver. 2’s code… who knows, maybe it’s good.

          But it doesn’t feel right to me and my gut says to stick with the person who is not trying to be “sneaky.”

          1. I’m with you John, but I think I do remember him giving credit to the original plugin in the description.

            1. Yeah I suppose he mentions SEO Egghead on the details page, but it’s sort of weird how he makes it look like the two of them are the authors… like they worked together on this.


  10. Thanks for the tip about the WordPress Firewall. I’ll check it out for sure, but I believe it’s WordPress’ responsibility to ensure the software is safe against SQL injections. I mean, WordPress is supposed to be easy to use as a blogging platform, right?

    I’m just saying, there are so many people out there who haven’t got a clue about SQL injections (or know they exist), how are they ever supposed to be just somewhat safe online, if WordPress is wide open enough for SQL injections to make it through?
    Klaus recently posted… Samsung release Galaxy S II with Android 23 Gingerbread

    1. Actually I think WordPress is a very safe platform as long as you update regularly. Ever since installing the firewall I’ve been notified of people trying to hack in. That means they’ve been trying to get in before, I just didn’t know about it. Even so they haven’t been able to get in, which shows how good it really is. The firewall is just an added precaution.
      Sire recently posted… What Affiliates To Promote To Blog For Money

        1. Does it really matter if it’s a human or a script? I think it’s enough that someone or something is trying to hack in and I now have a firewall there to protect me against it.
          Sire recently posted… Do You Want To Earn Money Writing


          1. Yeah I think it matters a little bit. The bots are all over the place, they even try to gain access to your own computer most of the time, by probing ports etc. – but they don’t get through due to your router and firewall, and how your ISP’s network is set up.

            If it’s a person, I would be more concerned, as it could mean that someone has it in for you. Of course it could also just be a script-kiddie trying out various “how to hack wordpress”-guides on random wordpress blogs and then move on to the next if it fails, until he finds a wordpress blog old enough to be lacking latest security updates. Of course the bots work the same way I guess, by probing until they find an unpatched version and they do some automatic actions to harm your posts/files (or reports back to its administrator).

            No matter what though, we should be protected against both humans and bots :)

            Soon we’ll have Skynet and John Connor is the only one who can save us…
            Klaus recently posted… Samsung release Galaxy S II with Android 23 Gingerbread

            1. Either way, whether it’s a bot or a human I know that I am better protected now than I was before, and that’s all that matters.
              Sire recently posted… Do You Want To Outrank The Probloggers

  11. Have downloaded the firewall, cheers, and changed the admin, but had to create a new account and delete the old one, as I didn’t read the full post until I completed the task. Think the plugin would have been a little easier, still it’s done now and maybe next time I won’t be so hasty.
    khaled recently posted… How To Protect Your Jewellery Or Craft Designs

    1. As long as you got it all done Khaled, at least now you know your blog is a lot more secure than what it was.

  12. Nice one Sire
    Can’t believe how quickly you got this post out.

    I did find a tutorial on how to change your username via the admin panel – I’ll see if I can find it and post a link.

    As for which version to use, I usually go with John Hoff’s suggestions.

    BTW – thanks for the mention
    Keith Davis recently posted… Great Speeches in Films

        1. Wow! I wouldn’t have thought that a secondary admin would be able to delete the principal admin. That’s like a 2IC knocking off the boss and taking over control.

          Still, I prefer the plugin, it’s easier and less could go wrong. Imagine if you forgot to attribute all the posts to the new admin, you would end up deleting all the posts as well.

  13. Will definitely be installing a firewall on my wordpress blogs now!
    I wonder if there’s anything that should be done with the logged IP? Can it be reported or anything?

    1. I reckon that would be a good idea Ben

  14. Hi Sire,

    Thanks for the tip, for the hackers out there the administrative user for my blog is nimda! Okay, seriously, I’ve never thought about putting a firewall on my blog (because sometimes I think it’s overkill) but I guess I need to.

    Other than that, there’s also a plugin that limits the number of login attempts to your site. I know brute force hacking is silly over http but you’ll never know.

    By the way, is it just my browser or are the images on your footer missing?

    1. Hey Jeedo, I actually mentioned that plugin in my last post which I linked to at the beginning of this post.

      Could be your browser, I’m using Firefox and there are no images, except for the ones in the top commentator plugin.

  15. Great to know about this plugin Sire. I will install it on my WP blog. I’ll have to check if Joomla has something similar for my other site. I haven’t heard much online about security issues for Joomla, but I’ll still stay vigilant.

    1. It’s a shame we have to go out of our way to take these measures Gordie, but we have to do what we have to do.
      Sire recently posted… 11-Inch MacBook Air Review

  16. Thank you for this plug in. I have installed it on my own blog and I am going to get all my clients to install it as well on their wp blogs. I will also make it a standard included plug in for all new installs.

    Bj

    1. Sounds like a good idea to me BJ, and I’m sure your customers will appreciate you doing that for them.
      Sire recently posted… 11-Inch MacBook Air Review

  17. I use Internet security software to protect my PC from internet activities but never think about WordPress. Thanks for this plugin, now I will use it on my blog.

    1. I think that is a good idea Rakesh.

  18. Hello Sire,

    I really need to install this on some of the blogs on my server, because I think (you know I mentioned I got hacked some time ago) the hacker actually accessed my server via a buggy script on my blog.

    I am especially scared of scripts susceptible to directory traversal because this kind of attack can easily help an attacker to read any file from your host, any config file. Pretty scary.

    Thanks for researching this topic for us, I really didn’t know about this script.
    Alex recently posted… Hockey

    1. I would do it as soon as possible if I were you Alex, you just never know when they’ll hit your blog next.

  19. Great plugin, I’m downloading it now for my blog. Hadn’t really thought about security, thanks for shining light on this situation.

    1. We usually don’t Adam which is why I thought it important to get this post out.

  20. Hi Sire, I was hacked myself recently. I was surprised because I was using Login Lockdown and Secure WordPress which I had seen recommended elsewhere. Tech support at my host thought I was hacked through the comment form, so I added a hidden Captcha. Thanks for the tips on the Firewall, and changing the log in, I will try those!

    1. So sorry you had to go through all that Jennifer. I reckon changing the admin name and installing the firewall will make it that much harder to compromise your blog again.
      Sire recently posted… What Affiliates To Promote To Blog For Money

  21. Thanks so much for reminding me, had a new blog which was unprotected, but you got me all suited up!

    1. My pleasure Elin

  22. Hey Sire,

    I’m really sorry to hear that your blog was hacked into. I really think you’re doing a great thing by sharing your experience to help others avoid the same problem.

    The WordPress Firewall Plugin sounds very effective. I am off to install it right now and see how well it works for me. Thanks for sharing.

    1. It’s actually very effective. I actually forgot to whitelist my IP and couldn’t work out why I kept getting booted to the home page every time I tried to modify my theme. It was the plugin looking after my blog. Once I worked that out I added my IP to the whitelist and I was able to modify it again.

  23. Good point Sire, I’ve had my blog attacked by hackers and I have trouble sleeping for days :)

    1. Well then Rizky I think it will be a good thing to do something about it before it happens again.

  24. Hi Sire, I have been a silent reader of your blog for the last few months, though my partner Robert has earlier commented on your posts. We really find your blog useful. Like from this post of yours, I came to know of the wordpress firewall plugin. Just two questions here (please pardon if they are silly) – Is there any option to get this firewall for other CMS sites like on Drupal ? And how to implement it on company blogs using wordpress ? Thanks.

    1. Glad to see you here Daniel and that the post brought you out of the shadows :wink_ee:

      They are not silly questions at all. I’m not familiar with Drupal so I can’t answer that question, sorry :down_tb:

      As for the company blogs, as long as they’re self hosted sites the plugin can be obtained directly from the dashboard, plugin section.

  25. Thanks for the firewall plugin advice Sire, I hope your own hacking problems have been sorted. Hopefully the firewall will stop any future black hat attacks.

    John
    Leamington Spa, England

    1. No worries John, and I feel a lot more protected now that I have taken the steps to secure my blogs.

  26. Sire, this is very helpful. Unfortunately, am not using WordPress. Is there any way to block the hackers aside from installing this plugin? I am not aware as of the moment if I am hacked so far. Thank you, Nate

    1. That’s strange Nate, I just visited your blog and you’re using the Woo theme on a WordPress platform. That being the case the plugin would be perfect.
      Sire recently posted… Putting The Fun Back Into Your Posts

  27. How would the firewall protect my blog?
    Also, do you think it will affect any other plugins or blog functions?

    The reason why I ask is because I’m using the Thesis theme and I had to disable two plugins due to them conflicting with my site.

    1. Will it affect other plugins? Well to answer that I can tell you I have 51 active plugins and there have been no hiccups.

      As to the firewall protecting your blog. I can tell you that your blog is probably being attacked right now as we speak, you just don’t know about it. I know because once I installed the plugin I’ve been notified of such attacks. You can be assured that your blog will be compromised as soon as they find a weakness. The firewall will stop that.

      Unless you tell the plugin your IP address it even stops you from accessing your theme files.

  28. My travel blog http://thingsyoushoulddo.com just got attacked – I’m not exactly sure what happened since the host guys only knew tech speak – not people speak, but I was down for almost a week.

    I’ve decided to bite the bullet and hire a local wordpress support person. I am strong on the marketing side, and I could probably make some referral income if I had someone to recommend. It’s fine working with someone over skype when you know what you’re doing, but there are opportunities with clients who need hand-holding.

    Btw, what is the cool slide-in plug-in that comes in across the bottom of your page. I like it.
    Juliemarg recently posted… Local Search Think Tank February 2011

    1. Sorry to hear that Julie, and sometimes if you can’t do something yourself there is nothing wrong with outsourcing.

      That plugin is called upPrev: NYTimes Style and yes it is cool the way it slides out.
      Sire recently posted… Putting The Fun Back Into Your Posts

  29. The worst thing about passwords is that they are so easy, here is a list of the 10 most common set of passwords. It is scary that people are using them.
    1. password
    2. 123456
    3. qwerty
    4. abc123
    5. letmein
    6. monkey
    7. myspace 1
    8. password 1
    9. blink182
    10. (your company)

  30. I didn’t know there was a firewall for wordpress.
    I could have used it a few months ago when some Mexican guy hacked my website and I was forced to redo everything. Lucky me he didn’t touch the database, but the damage he did was enough.

    1. Neither did I Maria until Keith gave me the link to John’s post. At least you now know you can protect yourself from future attacks.
      Sire recently posted… In Search Of The Right SEO Company

  31. I think easy log ins are always going to be a problem. You can put any new software you want on, but if the standard log in is set as ‘admin’ then if you tried to log into 500 WordPress accounts with ‘Admin’ and ‘password’ I bet you would get into at least 10-20 if not more. Username and password guesses are the most common way accounts are ‘hacked’.

    1. Which is why one should never use admin as the login name.

  32. It seems you are running this as an affiliate..

    1. Nope, you are wrong there as I have nothing to do with them other than using their plugin.

Comments are closed.