Every day, hundreds of thousands, if not millions of hacking attempts are performed to most websites all around the world and if it happens that you own a website, whether popular or not, most probably than not, it has already been targeted by these malicious folks who are trying to get access to your beloved asset. If you ever had a WordPress website and installed the Wordfence plugin in it, and if you set an email address in its option to send you email alerts, it will not be new to you to receive this kind of email from this plugin:
Just last year alone, I received more than one thousand emails from the plugin, notifying me that the Wordfence has blocked someone who is trying to login to my wordpress websites using incorrect login details, and while I was browsing through these emails last week, a bright idea struck me, I said to myself “why not analyse these attempts and see if I find some patterns from them” so just a few days ago, I got excited on this new adventure, so what I did is in my email account, I created an email filter which filtered all the emails coming from the wordfence plugin and created an exclusive folder for it. I named the folder “Hacking Attempts”. After that came the not so exciting part as I have to painstakingly run through all the thousands of email to get the information I need – the IP addresses, the countries, and the incorrect usernames used by hackers when they try to access my sites. It took me maybe around 3 – 5 days to completely go through all the emails and the result? It is not actually what I suspected so I am a bit surprised when I did the analysis of the result which you can see for yourself below:
For the IP address, 90% of the addresses is unique, and most probably, these are proxy IP’s to mask the real location of the hacker. This is not new since most probably, if you are doing something blackhat, you would not want to reveal your real location as cyber police will most probably hunt you. It is also worth to consider that these attempts are performed by several hackers only, using a hacking software, because you know, hackers are programmers, and programmers are lazy, and I know it because I am a self-learned programmer, and I studied programming because I was too lazy to do things on my own, especially the repetitive ones, so I create applications that will do the work for me, just like these hackers who create these hacking software or “bots” to do the dirty work for them while they relax.
Although there is not much to deduce on this data as these ip addresses could be misleading since these ip addresses do not exactly reveal the real location of the hackers, what we can do is to make sure these proxy IP’s are blocked to access our websites, and this can be done thru the Wordfence plugin or other WordPress security plugins, or you can also do it via server side if “IP Blocker” is available in your cpanel. I also provided the list of IP addresses used that tried to login on my website, and the download link can be found at the later part of this post.
These data are related to the IP addresses since each countries are allocated with its ranges of IP addresses. Although this will also mislead us since it is linked to the ip addresses, it is still good to know where these hackers get their IP addresses from, so we’ll know if we can prevent these countries from visiting our websites and block the entire country which you can do using the country-blocking plugin such as iQ Block Country. You can see below the attempted access to my websites, and what surprised me is that the top country is not the one I am thinking.
So as you can see from the image above, the top country is US, but who knows 😉
If there is something really useful in this analysis, this is that piece of information. As you know, what the hackers are doing here is what we call “brute force attack” where the hackers try to guess what username and password are used to access your website, and this process is very iterative as they try it multiple times on your website, so as webmasters, it is imperative for us to prevent them from doing that, and one way to do this is to limit their attempts by using plugins such as Wordfence or other security plugins that has the feature to limit login guesses when access details used are erroneous. Aside from the IP address and country, I created a chart below from the result of my analysis that shows what usernames are commonly used by hackers to get access based on the multiple hacking attempts on my sites.
Also, to give you an idea on some of the username patterns, below are the username used with wpislife.com as the example website
- domain | wpislife
- domain.tld | wpislife.com
- [email protected] | [email protected]
- site title first word | WP (since my site title is WP is LIFE, the first word is “WP”)
- site title second word | is (since my site title is WP is LIFE, the second word is “is”)
- [site-title-first-word]-admin | WP-admin
- www.domain.tld | www.wpislife.com
So there you have it, make sure next time that you stay away from these usernames to make sure that you are not giving away free information to these mischievous folks. Also as an act of good will, I compiled in a csv files all the data I gathered from the hack attempts and you can download it by clicking this link
But as you know, the method used by hackers here is just one of the many, as there are actually other ways where the security of your website can be compromised. Brute force entry is just one and there are actually multiple venues where vulnerabilities of your website are exposed and taken advantage of.
As a webmaster myself with 10 years of tinkering website (as of this writing), there is still not much I can only do but to only have a proactive approach to protect my website properties from vulnerability attacks, and here I can share to you some of the tips that I mostly do to prevent security breach from happening to my websites.
Tip #1: Make Sure All Things Are Updated
Outdated themes, plugins, and WordPress versions can be subject to vulnerability attacks as hackers try to do everything possible to expose whatever vulnerabilities of these website components, so make sure to update the latest version of these whenever there are available
Tip #2: Use Minimal Plugins
This is just my personal opinion because I am a minimalist type of person so I only use plugins that I really need. Besides, plugins, if the coding is not properly done, can harm your website as it can be a backdoor for vulnerability attacks.
Tip #3: Use Strong Password
What you don’t want to happen is to have a hacker access your website due to a weak password, so make sure to use a combination of alphanumeric and special characters whenever you create your password. WordPress has a strength meter to measure the strength of the password that you will use, make sure the strength is above 80 though100 should be your target. I also recommend you practice leet typing when generating passwords to convert common words into strong passwords
Tip #4: Avoid the Usernames
As per my analysis avoid using the ones commonly used by hackers. Give them a hard time to guess what your username is.
Tip #5: Install Security Plugins
Anyway, this should be mandatory if you are a responsible webmaster who take your website properties seriously. Anyways, if you are short in cash or you just don’t want to spend, there are free plugins to choose from like Wordfence, which I currently use, and though it’s free, it’s actually doing a great job on my sites, especially on the email alerts and banning of failed attempted logins. So be sure to check it out
Tip #6: Vulnerability Check
You should perform a vulnerability check on your website at least once a month to make sure that you know the vulnerabilities of your website so that you can take action to address those issues, because as the old folks say it – prevention is better than cure, be safe than sorry, and so on and so forth, so make sure that your website gets checked from time to time. This is just like the preventive maintenance checks for your cars to know what are your car’s issues so that these get addressed beforehand so your car does not breakdown while you’re in a trip in the middle of nowhere, or like taking the annual physical exam to determine if you are physically fit. Anyway, if you want, WPisLIFE provides an extensive vulnerability check for your websites to determine the issues so you can address them right away, anyway the cost is just dirt cheap compared to what you will pay if your website’s security gets compromised, so be sure to check out our service by clicking this link
So I guess that’s all I can say for now. I hope I was able to provide you with some valuable insights that could help you on your business. If you have some experiences related to this post, or if there are some useful tips that you want to add, or if you have anything you want to share, please don’t hesitate to comment below.