What should I do if 1 guy is hacking my wordpress blog and I know that he is doing it by using ports. What happens when he do this, in the first few minutes the website is laaging, slow url opening time, and when the 5 minutes pass I just see the white window (I’m using Fire Fox), when he stops doing that everything is ok. So what should I do? Anyone knows? :( :(
The first step is to make sure you are upgraded to the VERY LATEST version of WordPress. The process isn’t always painless, but there has been some very serious weaknesses in WordPress in previous versions that have now been patched. Also, make sure you have your permissions set on your files and directories on your server set correctly, that you don’t have any extra WordPress accounts (especially administrator ones), and that your administrator password is a secure one.
There are a few wordpress plugins that allow you to batton down the hatches a bit. One good one is a login documenter (its not called that – but I can’t remember the name), this will allow you to see all attempts at logging in, successful and failed and will block the IP address of a fail attempt for a few hours. Its worth a search for security plugins to see what you can do to tighten-up your site.
Before you get too gung ho about IP banning, keep in mind that most people are now surfing with dynamic IPs. If you see a hacker and block his IP, you are blocking the IP not the hacker. He could easily be back shortly on a new IP but other people on the same host will be blocked whenever they are assigned the IP he was using when you blocked him.
I’ve started implementing code that detects the hacker (XSS attacks and snooping directories)and redirects him to a page that informs him he has been detected and that his host has been emailed. The later is a bluff because I don’t know how to programatically determine a host’s email from an IP but it appears to have had some success.
EDIT: Geez, I just noticed the date on this. :oops: