: WordPress bot issues I need to implement a blog into a clients site as he is unhappy with his current basic CMS driven solution. It needs to suit both seo and the current style and as
I need to implement a blog into a clients site as he is unhappy with his current basic CMS driven solution.
It needs to suit both seo and the current style and as I'm a front end dev/designer and they don't have budget to redevelop - the only solution I can think of is to setup a Wordpress blog and restyle to suit.
My only worry about this is the current press reports on WordPress being affected by webbots.
I understand the main worry Is if you use an id of admin, but I'm concerned that regardless of this the site could be bombarded with bot requests and cause timeouts! Is this valid? If so is there any way to avoid this issue!?
If not can anyone recommend another good SEO friendly blog solution!?
More posts by @Harper822
3 Comments
Sorted by latest first Latest Oldest Best
Your concerns are valid, in the last year some of the largest hosting providers were hit by DDoS attacks targeting WordPress. One was a botnet brute forcing logins on wp-login.php. It was around 200,000 bots and affected BlueHost/HostMonster, HostGator, GoDaddy and others.
The hosting providers quick fix until a longer term solution was ready was to disable the wp-login on all the websites running WordPress. This lasted for a few just under 24hs.
The same attack could affect Joomla or any other site with a login form for that matter.
A great plugin for WordPress is wordpress.org/plugins/better-wp-security/
It allows you to hide the wp-login.php page, changes your db prefix though that should be done during install. Monitors, and bans, brute force attacks.
If you Google Securing WordPress installations you'll find that most steps taken are pretty basic and work well.
Use as few plugins as possible, and those which you do activate make sure they are popular, have been updated recently, and that you always keep them up to date, as well as the core WordPress files.
WordPress is a great CMS to use for a website and your clients. Securing it is straight forward and easy.
but I'm concerned that regardless of this the site could be bombarded with bot requests and cause timeouts!
In addition to the plugins mentioned above, you would also want to implement a caching solution (W3 Total Cache or WP Super Cache) and also look into using CloudFlare to both speed up the site and prevent bot attacks.
What you are trying to do is not give the bots anything dynamic in nature. By limiting login attempts and beefing up the default security settings you do more to close off having the site hijacked. Caching helps with traffic spikes that may be bot-related while a CDN can serve as a buffer between your server and the bot attack.
Bad Behavior can be used to prevent unwanted bots from accessing the website. Limit login attempts will complement it by blocking bots that will slip through.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.