Daily Archives: September 8, 2018

Example of attacks on your wordpress site

Below is a log of failed attempts by a script or bot to guess your WordPress admin panel URL. WordPress is the most popular website platform in the world and is also the most attacked. Any wordpress site my team takes on will get a security sweep that includes implementation of a custom admin panel url and multi factor authentication for all users to keep people out of your admin panel.

On a similar note, attacks on WordPress sites are common against installed plugins, which aren’t developed as securely as the WordPress platform itself. Here is an example of a bot checking for specific files on specific plugins that have known vulnerabilities. I highly recommend keeping the number of plugins and themes on your wordpress site to a minimum, and keeping them up to date.

Example of a security attack on your magento store

One of my clients’ sites has a 404 not found logger installed so we can easily add needed redirects. While reviewing the log today it became apparent somebody had run a script against the site to check for a couple hundred combinations of common directories and files that could be downloaded. Many of them were looking for database backup files. The scary thing is, as I’ve worked on dozens of Magento sites, I’ve seen files and directories with these names available publically when I start working on their project. All someone has to do is guess the filename and proper path and they’ll download an older copy of your database – whenever your developer created that file. It’s difficult for a store owner to identify this security risk because most of them aren’t accessing the code files and looking. Be sure to have a development team working on your site that is focused on security and doesn’t leave these files laying around! The good news is, we don’t have any vulnerable data accessible like this on our customers’ project, and we blocked this IP address.