Well, it’s been one of those days. This site has been under attack for almost the entire day. Thank heavens for security programs (plug-ins) and WordPress.
When I finish reading my morning papers, I open my computer, check my email and run checks on our internet connection speeds from dslreports and Speakeasy (approved by TWC). Next, I go to Goodreads and see if there is anything new and interesting and then MacSurfer (for news and program updates). Last, that is, before losing myself for a half-hour in Facebook, I check my blog (yes, this blog).
I look to see who has been reading my posts and pages and any comments they’ve left. Usually, this takes all of a couple of minutes, but today, it’s a bit different.
After looking at the above, I went to Wordfence‘s Live Traffic feature to see the hits. Whoa . . . every few seconds these was another hit blocked by Wordfence: . . . was blocked by login security setting. at . . ./xmlrpc.php. No one actually got to any of my files but hundreds (thousands?) of hits was rather unnerving.
This was in addition to the normal googlebot, wordpress.com and human traffic.
Just in the last hour there have been more than 150 hits from IPs all over the world. Plus, some 270 attempts, throughout the day, to log in to my site as me — or, at least, into my old, and deleted, username.
If you’re having the same kind of trouble and you don’t have any security on your site or back-up of your site — Get Something!!!
I use: Wordfence (the free version), Anti-Malware Security and Brute-Force Firewall, and UpdraftPlus – Backup/Restore. And, of course, a long and strong password.