Another day, another hacked website. This time, thankfully due to the security and backup solutions in place, restoring this backup was relatively straight forward and much cheaper than if these security solutions and automated backups weren’t in place.
Usually we get businesses running to us when things have gone wrong and they have failed to plan accordingly for when this happens. Thankfully, whichever way you look at this, this business had been hacked before and since then had additional levels of security and automatic backup solutions in place to reduce the risk and help to resolve issues when they do go wrong. This being said, on this occasion, no amount of technology can protect against basic human error and weak passwords.
Below is a brief outline about what happened. It’s only a rough guide but does go to show how something as simple as a weak password can even bypass the additional security. And most importantly, this highlights the reason why you should always be planning for the worst and expecting the best. Naturally, all of the sensitive information is blocked out of the screenshots, as is information about the hackers as they deserve no additional praise for the work they have done.
Website takeover
Server Logs
The website isn’t hosted with ourselves, so by the time we investigated this we couldn’t access the server logs as web server had already been rebooted, so the error logs lost.
WordPress Access Logs
Show that the user ‘Admin’ logged in on 08-05-2016 at 8:55 am;
From the IP address 41.111.14.83 which is based in Algeria, Africa;
This username belonged to a member of staff at the web hosting company whose account was compromised and used to initiate the attack;
Which when looking at the access logs on the date, there weren’t many failed login attempts which suggests that their password was rather weak;
Plugin Uploaded
Now the hackers had Administrator access to the site, they uploaded a plugin which allowed them to upload a script to the site and run this script via the command line;
This plugin & script allowed the hackers to take over control of the whole site and display the messages.
Summary
While this does seem like an extremely simple thing, essentially guessing someone’s password. This does highlight the importance of being able to trace exactly what happened when a hack occurs. Being able to track the path the hackers took to exploit the website ultimately led to the root cause of the problem being able to be fixed to prevent this from happening again.
If you don’t have website security and automated backups in place, then get in touch. Seriously, get in place what you need to before you get hacked. Do not think that this will not happen to you. As we have just shown, even with added levels of security in place, a hack can be as simple as a weak password. Make sure you have the right technology in place to be able to identify the root causes of problems when they do occur to save yourself significant time and money dealing with things when the inevitable does happen. No-one wants to get hacked and everyone believes they will never be a target. The reality is that most businesses will get hacked at least once in their lifetime. It is only the large businesses that we often hear about in the news. In this instance, this is a story of a small business, less than 10 staff, for whom this kind of issue is something that they would prefer not to have to deal with.
In this example, we were able to respond to the issue, identify the affected areas of the website, identify the root cause & patch all within a morning. All for the cost of the price of a coffee per day. You have to ask yourself, if you don’t have the right technologies in place to deal with situations like this, how long would your website have been offline for? A day or two? A week? More? I can’t stress enough that preparation is key when dealing with cybercrime. Your digital back door is probably wide open, waiting for someone to walk by and exploit it, you just probably aren’t aware as it’s not something you can physically touch and feel.
WooCommerce is the leading ecommerce technology in the WordPress ecosystem, yet many people, both beginners and experienced users, struggle with adding products to WooCommerce in the right way. I say the right way, as getting this part wrong can lead do long term issues and time consuming mistakes to fix when data isn’t entered in the right way. WordPress and WooCommerce are database driven technologies, meaning that to be used effectively data must be stored in the correct place for it to be used effectively.
To put this into something that is simple to understand. Imagine you’re a chef, a really good one too. You don’t just see a carrot as a carrot which can be eaten. You see the carrot as an ingredient which can make many things. Now imagine a whole host of ingredients that you have in your fridge ready to cook into anything you fancy. The ingredients in this instance it essentially the data behind a product, the pieces of information. If you take all of your ingredients and keep them in separate containers, you can continue having the flexibility to choose what you cook when you like, i.e. putting your product data in the right place within WooCommerce. Compare this with if you took all of your ingredients and mashed them up into a single container. You simply wouldn’t be able to work with that data in any effective way at all. Whatever you made, you’re stuck with essentially. This is why it is important to create your products in the right way when adding to WooCommerce, so you can work with them effectively longer term.
The basic product data you’re working with within WordPress includes the following details which all need to be entered with specific information as this determines how they display to the customer on the website.
Product Name: This is used to describe your product in a short succinct way. This data is used to generate your Meta Title (see SEO guide above), your Permalink (see below) along with your main Heading 1 tag on the page (see SEO guide above).
Permalink: This is the full website URL which is generated for the specific product such as, www.example.com/product/product-name-here/
Main Product Description: This is the main content which describes the product in as much detail as possible. The more detailed you can be with your product, the more visible your products will be on Google, the more information is provided to potential customers which can boost conversion rates and generate more sales.
Product Short Description: This is a section which often sits next to your main product images, it is the piece of content which is designed to provide key unique selling points about the product to entice customers to read further and ultimately purchase the product.
Product Image: This is the main product image which will be visible on the page when it is first loaded. This is also the image which will be used throughout the website when your product is linked to for example from the Category pages. Make sure it’s a good quality image and it is clear what the image is.
Product Gallery: The more high quality images detailing every aspect of your product you can add the better. Product with more high quality images often significantly out perform in terms of sales when compared with products with low quality images or lower number of images.
Product Categories: This is how your product is going to be categorised on your website. Think of a logical way to categorise your products, just in the same way supermarkets do. You wouldn’t find a fresh apple in the clothing section. Categorise your products by core areas to help your users navigate around the website with ease. If you want your product to appear in multiple categories, select multiple categories when adding your product to the website.
Regular Price: This is what you are selling your product for. Depending on how you have configured your WooCommerce settings, this price may include or exclude VAT so make sure you get this one correct.
At the basic level, this is the only information you need to add a product to WooCommerce in WordPress. Make sure you are as detailed as possible when adding products to help users in the best way possible.
Advanced Product Data
Now we’ll look at some of the finer details as WooCommerce is an extremely powerful platform for powering ecommerce shops. To try and keep this as simple to understand as possible, let’s look at the different product options based on the type of product that is being sold, whether that is a single item, a grouped item, an external or affiliate item, or a variable product. Each of these allows you to customise many options for your products to offer your customers the best products possible. When adding a product to WooCommerce, all of the following data is within the following section;
For simplicity, if a piece of information has already been discussed previously, I’ve omitted this from the data below to avoid repeating myself.
Simple Product
General Tab
SKU: This is your Stock Keeping Unit, the unique identifier which you can link to your own internal systems about the products you keep. This is a number that you can identify yourself. For example you may use something as simple as 001, 002, 003 or something much more complex. This piece of information is useful as your ecommerce store grows and you begin to add more products to the website. Customers may enquire about a specific product and being able to refer to the SKU can help you quickly identify what product they are talking about.
Sale Price: Everyone loves a discount, right! If you want to run a special promotion, here you can select what discounts you want to apply to the individual product. You can even schedule the discount to be only applicable between certain dates so you don’t have to remember to turn the discount on and off.
Tax Status: Tax is a complicated area which you need to discuss with your accountant and website developer to understand how this works for your business. With so many tax rules for businesses depending on who they are selling to and what they are selling, this is too big of a topic to cover here. The important point to note though is that you can edit the tax settings at the individual product level should you need to do this.
Tax Class: As above.
Inventory Tab;
Manage Stock: Select this option if you are using WordPress to manage stock levels. This can be useful if your WordPress website is your only point of sale for your products so you can be sure this information is accurate. The challenge over time comes when you are selling on multiple platforms both online and offline, stock management becomes a bit of a nightmare to get perfect which is a topic we’ll be covering in the future. If you do wish to manage stock levels for the product, simply tick the box.
Stock Quantity: Self-explanatory, i.e. how many of this product do you have in stock to sell
Allow Backorders: For many businesses, items which are out of stock are often only out of stock for a day or two. In which case you may prefer to allow backorders for products to generate the sale and post out as soon as the product is back in stock. This can often be better than losing the sale completely.
Stock Status: If you prefer to manage this manually, you can simply change the stock status from either ‘In Stock’ or ‘Out of Stock’ accordingly which can be useful should an item suddenly become unavailable or otherwise.
Sold Individually: This setting allows you to restrict the number of this specific item a customer can order on a single order. This can be useful for products you wish to offer to customers for free with their orders. For more advanced customisations related to order freebies there are other plugins and technologies to look at which significantly boost this functionality.
Shipping Tab;
Weight: Self-explanatory
Dimensions: Self-explanatory
Shipping Class: Within the main WooCommerce settings, you can customise shipping classes to make things easier to calculate. This can be very useful if groups of your products all fall under the same shipping category. In which case you can then simply select which shipping class they fit under and the price will be automatically reflected.
Linked Products Tab;
Up-Sells: Up-sells are products which will be recommended to customers who are interested in this product. This could be another product which is either more profitable which could be a very similar product with more features and functionality.
Cross-Sells: Cross-sells are products which are recommended to customers who are interested in this product. This could be a product which is often used with this product. For example if someone is looking to purchase a winter hat, then they may also be wanting to purchase a winter scarf which matches this one.
Grouping: This allows you to select if this product is part of a group of products which can be sold as a bundle. There are additional WordPress plugins which achieve this functionality which give you much more flexibility to customise grouped products.
Attributes Tab;
Name / Value: This data is used to create additional attributes for your products which could include items such as colour and size. For example, you would add a Colour attribute which included items such as Blue | Green | Orange etc. And then add another attribute which is for Size which included items such as Small | Medium | Large etc. This data is really important to structure correctly as this data can be used in the future to filter search results on pages on your website based on these attributes. Make sure you don’t include all of this structured data about your products within the main description only as this data isn’t filterable in the same way data within the Attributes area is.
Advanced Tab;
Purchase Note: This allows you to send customer specific information about this product once they have purchased which can be extremely useful if someone has purchased a product which may need additional information about how to set up for example.
Menu Order: Ignore this, there are better ways to arrange menus
Enable Reviews: Products with customer reviews significantly out-perform products with no reviews. Encourage customers to leave reviews of the products they have purchased which will then be displayed on the main product page.
Grouped Product
This product type allows you to create a product bundle which includes many products which can be easily purchased. The main problem is that this at the same price as if customers were to add them to the shopping cart individually. While this is certainly a nice feature, there are much more advanced plugins available for WooCommerce which allow you to create custom product bundles with associated discounts and special offers.
All of the settings within the Grouped Product type have already been discussed above.
External / Affiliate Product
This product type allows you to list products from external websites on your own website. This can be great if you are looking to run an affiliate based website which many small business owners do. When adding an External / Affiliate Product to your website, the purchase doesn’t actually happen on your website, the button on the product page simply takes the potential customer to the external website you specify which allows them to make the purchase directly with the product owner.
The couple of additional settings included with this product type include;
Product URL: This is where you want to send customers to when they want to buy the product. You may want to check that if you are an affiliate that you have the relevant affiliate ID included within the link you add in here should the technology require this.
Button Text: This allows you to customise the button text as people aren’t adding the item to the cart, they are essentially viewing more information about the product.
Variable Product
Variable products are where the more advanced features and functionality live which can help you truly customise your product page to do many of the things you have seen available on big brand websites. Again, many of the settings within here are identical to what has already been discussed so these have been omitted. The settings which are additional within here include;
Attributes: As previously mentioned, this could include Colour or Size for the product along with many other options which are relevant to the product you are selling. When using this, make sure you select the checkbox stating that the product attribute is ‘used for variations’, this is really important and is a prerequisite to the next step, adding Variations. You need to save the product attribute that you have created.
Variations: Think of product variations as a way to sell the same product with many different customisable options. Imagine ordering a pizza at a restaurant, £9.99 for a basic pizza. Add 50p for more chicken, add 50p for chilli sauce etc. It’s the same concept for variable products within WooCommerce. With variable products you can charge different amounts based on these different variations. For example, you may have a basic product with a variation of ‘{Product} with {Additional Feature X}’ which you can charge a premium for. You may not want to add this as a product in its own right as it is essentially the same product, so by using product variations it is possible to simplify this process to allow customers to select the features they wish to purchase for this product in a simple way. Make sure you add a Variation Description within here to explain to your customers how this variation is different than the main product or they will not be able to understand how this more expensive product is different.
Overall
In summary, adding a product to WooCommerce in WordPress is actually quite involved and is extremely flexible based on your individual requirements. Make sure you are adding in all of the relevant information for your products to make your life much easier in the long run as you build on the features and functionality on the website.
If you are having challenges with your WooCommerce WordPress website, get in touch and we’ll talk you through the options available to get you going in the right direction. WooCommerce and WordPress are complex systems which take a while to get used to.
The WordPress REST API Version 2 is brand new in the developer world which means that the documentation is extremely limited. Hopefully this can help a little for others trying to debug problems like this.
Posting comments to WordPress via the REST API Version 2 is actually relatively straight forward once you figure out how to do this. For those looking for a quick solution, using POST on the following URL will do just that, post a comment on this blog post you are reading right now.
Now for a few comments on the technical aspects to understand how this works.
Read the WordPress API documentation under the Create a Comment heading. As you will see, the documentation is minimal to say the least. It’s something the WordPress Core team are working on, so stick with it.
Essentially though, there are various query string parameters you can append to the request to send data into WordPress as a comment. It’s important to note that this is a POST request not a GET request. GET requests on this URL will not work. You need to use a tool such as Advanced REST client which allows you to POST data to API URLs which is extremely handy.
You will no doubt have debugging to do when you are first testing this as nothing ever goes to plan. Make sure you have comments turned on at the global WordPress level under the Settings > Discussions tab and also make sure that you have comments turned on for individual posts as sometimes these have been disabled. It’s always best to show these on your website too.
As with anything comment related with WordPress, make sure you are using the Akismet plugin to block any spam as this is a real nightmare on WordPress without Akismet.
There are lots of extremely useful uses for using this, we’ve been recently using this to post comments from a mobile app into WordPress which is used as a comment moderation system which means we don’t have to go and build that side of the functionality.
Make sure you are escaping the content which is included in the query string too and keep an eye out for any rogue spaces or special characters which may be breaking your POST request if this hasn’t worked. The usual things to check which you often miss J
When you successfully post a comment, you will see this waiting in your comment queue;
Then when you approve the comment you will see this displays correctly on your website as you would expect;
Have a go yourself. Customise the above URL with your own details and comments within the parameters and I’ll publish any successful comments. This handy URI Encoder / Decoder tool may come in useful when writing a comment or your name if it includes spaces or special characters, something I haven’t got around to migrating over to this site just yet.
Parallax design is a trend on many websites at the minute which can often give a classier feel to any website design. There are a few things you should know about it as this impacts the different styles that you may or may not like related to parallax design. Before we look at some of the considerations, let’s just compare this with a few examples of how this can look in practice.
Non-Parallax Design
Above you will notice nothing happens as you scroll. This is just a standard image.
CSS-Parallax Design
Above you will notice how the image stays steady as you scroll, which reveals a different part of the image as you scroll.
True-Parallax Design
Above you will notice how the image moves as you scroll and so does the part of the image you are viewing.
Working with Parallax Design
When working with Parallax Design, there are certain aspects to consider. Specifically the underlying technology you are using on your WordPress website or other front end framework. Depending on the underlying technology you have in place will depend on how simple or difficult this type of effect will be to implement on your website. Always consider the underlying technology choices to give you the most freedom when wanting to add cool effects like this to your website. When working with poor technologies, often your only choice is to look at rebuilding a website from scratch. When working with good technologies, you can implement this style on various parts of your website with ease, just as we have done here to highlight the different options available when working with the right technology.
Being part of Manchester Digital, we get access to exclusive events talking about the serious changes in digital and current trends. We recently attended an event talking about online fraud and cybercrime, and honestly, this is much more serious threat that most businesses even realise.
At the event we heard from DC David Stott from Cheshire Police force and Raoul Charlett, a Complex Fraud and Corruption Investigator. Talking about cybercrime and fraud proofing your ecommerce business. Also speaking was Gareth Williams from Metapack who covered various tips and advice about how businesses can protect their-self online.
Traditional Business Fraud
Some of the more common business related fraud relate to long term frauds within organisations, invoice diversions and even internal fraud related to BACS, accounting and false invoices being processed. These clearly have serious consequences for businesses beyond the obvious monetary costs. From data loss, disruption within your business, the branding and PR nightmare if this information gets released and more.
What is more worrying is around the lack of capability for a lot of digital fraud to be investigated. As you know, the UK has borders and so does the capabilities of the law enforcement organisations who can pursuit such fraud. Typically speaking, a lot of digital fraud is instigated overseas which means that the efforts involved in bringing criminals to justice required a lot of work and often never actually happen. This is a huge issue for businesses, particularly those running ecommerce websites as you can lose a lot of money in the process with little chance of getting this back.
Data Commissioners Office
One point reiterated at the event was about how all organisations storing personal information that is used for specific purposes must register at the Information Commissioners Office. If you aren’t sure if you need to register, then it is recommended to complete the self-assessment on the website, and if you do need to register this is only a nominal fee of £35 per year.
With data breaches on the rise, it is essential that businesses treat data security seriously as it is a criminal offence if you don’t do this and are required to do so. Over recent years we have seen literally billions of customer details stolen from only a small handful of companies storing personal information for their customers.
Digital Fraud and Cybercrime
Moving onto some of the more modern frauds that happen, it is often the ones you may not even have thought about, yet are a serious problem for businesses. We are increasingly speaking with clients and other businesses about how to mitigate the risk for their businesses related to cybercrime and we are able to provide key recommendations on this topic.
Intellectual Property Theft
How secure is your intellectual property within your business? As a digital organisation, your intellectual property isn’t likely to be in the form of manufacturing processes, secret recipes, physical designs or some of the other traditional areas that you would generally relate to intellectual property theft.
When looking at digital businesses, how secure is your data, your databases, your software code and other sensitive information about your business, your customers, products and services? In our experience, for many small to medium sized businesses, there is often quite a significant opportunity for fraudulent activities and cybercrime to take place due to lack of procedures, understanding and internal training.
Hardware Security
This is way beyond our level of expertise at Contrado Digital, although we like to keep our ears open to the news related to hardware security. Specifically around open source and freely available software called Reaver which is designed specifically to hack into WiFi routers using WPS, WPA and WPA2 passwords using a brute force style attack.
To keep this into perspective, once someone accesses your internal network, they often have access to a wide range of other data within your business if your data isn’t locked down and secured well. This is beyond simply having a more secure password on your router, this comes down to how you and your staff access the files, data and systems within your organisation. To the point that you not only have the internal security of only allowing access to data from an internal IP address, but also only allowing access to data for staff who have the authority to view this data, regardless if they are within the internal office IP or not.
Systems Prevention
There are a lot of technical ways and some common sense methods which you can use to protect your business from cybercrime and online fraud. Have a think about some of these questions to see how they relate to your own business;
What is your fraud policy?
How are individual members of staff managed in terms of the data they can access?
Do your staff understand how Trojans, malware and phishing scams work, specifically related to clicking links and opening emails from unknown sources?
How do you mitigate risks from updating your accounts, specifically related to invoice fraud?
How do you investigate new customers to check that they are genuine? A note on this topic is that you can be legally responsible and open to jail time if you have not performed detailed enough checks and your customer ends up being identified as part of a criminal organisation. This could have serious implications for your business
How do you thoroughly vet new and existing members of staff? This sounds obvious, but have you spoken to their references?
A note on background checks related to companies is rather interesting, as the data that you will often be researching on freely available company check websites and companies house is only as accurate as the data that is entered by the company. This is really important to understand because this data does not state that the data is accurate, the information you see on these services states that this is what the company has said is accurate. This can be significantly different, particularly when online fraud and cybercrime is taken into account. Do you honestly believe a companies that is not legitimate would submit legitimate data? The same applies when another company could be created with a very similar name to your business which could confuse people trading with you, or you viewing another company.
An interesting service that was recommended included WebFiling Protected Online Fraud (PROOF) which helps companies, i.e. yourself, safeguard your information and protect against corporate identity theft and fraudulent filings. The short video below explains this in more detail;
Another check point discussed was The Gazette which allows you to check company information from an official source. When checking details of a company you are either working with currently or about to work with, it is essential to check through as many sources as possible to get a good understanding of who you are working with.
Hackers for Hire
Thinking hacking and cybercrime isn’t that much of a threat? Think again. There are services popping up such as HackersList which allows you to actually rent hackers for a specific project and pay for their services. And this is just the public face of what is happening. Within the underground there is an awful lot more happening that most people simply aren’t aware of.
Hacking is always seen as this big bad term, yet often hacking isn’t that difficult. Hacking can be extremely simple, particularly when companies employ sloppy web developers and leave their customer details wide open for anyone to access. This isn’t difficult for anyone to access with half a brain cell and a small bit of technical knowledge. This isn’t cyber criminals working away, this can be simply equated to finding a hidden link on a page that happens to be the same colour as the background. The technicalities behind this aren’t much more complex than that.
London Met Fraud Advice
The London Metropolitan Police are very much leading the way when it comes to cybercrime and security prevention in an official sense and have a very valuable website on the topic to help individuals and companies protect their-self. If you aren’t too familiar with some of the basics of protecting yourself and your business, I’d suggest you spend a bit of time researching this and understand what you can do within your own business.
MetaPack
MetaPack is a service designed to track ecommerce deliveries from end to end while looking to reduce fraud at every step of the process by using smart technology. Interestingly, 80 of the top 100 online UK retailers use MetaPack which managed around 50% of the online orders in 2014 (excluding Amazon).
Another interesting fact is that between 1-3% of sales are classified as Goods Lost in Transit (GLIT) which is actually an extremely high amount when you think about the scale of online orders within the UK, some of the highest per capita in the world. Some of the common problems related to this simply comes down to different departments within larger organisations simply not talking to each other, whether this is people or systems, think sales, website, warehouse all using different spreadsheets, databases and platforms with no centralised system.
A prime example of this is for items with a higher value which is often simply not worth the ecommerce retailer collecting the item from the customers. Imagine, as a fraudster, ordering a bathroom suite, 5 items, from 5 companies (bath, toilet, bidet, tiles and basin). When each arrives, calling each company to inform them that the item has arrived damaged. Then when they ask if you would like another item delivering, you say no and they simply issue a refund without ever collecting the apparently damaged item from you because it is too expensive to collect or verify. This is clearly an issue if you don’t have the correct procedures in place for your business and happens more than you could imagine.
Officials
While I hate to say this, the authorities are too slow to adapt to the changes within digital to keep up with the ever changing technologies, threats, knowledge and information with an ever decreasing budget for public services. When you compare the resources and knowledge the official sources have on cyber security and online fraud in comparison to what is actually happening, this is worrying. To the point whereby Stuxnet managed to go unnoticed for quite some time. If you haven’t heard about this, read up on it if you don’t want to sleep at night.
This is going to change over time within the authorities, although as a business you need to take responsibility and protect yourself to avoid any serious issues within your business.
Website Security
Online fraud and cybersecurity covers a lot of topics from user behaviour, training, IT hardware, physical security and more. This blog post isn’t designed to be a resource covering all of these topics, instead more of a warning to companies to take online fraud, cybercrime and security seriously.
We do our part related to website security which is why we offer services designed specifically to help businesses manage their online security through our WordPress Security and Maintenance packages along with providing industry leading web hosting solutions for small to medium sized businesses.
Summary
Online fraud, cybercrime and security needs to be taken seriously by businesses within the small to medium sized range. Do not take the threat lightly and assume that it will not happen to you. Cyber criminals will be targeting non-corporate businesses as these are the businesses who often have the least security policies in places throughout their website and internal procedures.
If you would like to talk through how business could be impacted, get in touch to discuss your specific business needs and how we can help protect your business.
Well Tuesday was a fun evening watching someone relentlessly try and hack into the blog. Thankfully, they didn’t get in. Seriously though – why? Go & waste your time somewhere else instead of trying to actively cause harm. Anyway, I thought it was worth covering what this looks like on a WordPress blog and how it could quite easily have turned into a distributed denial of service attack (DDoS) due to the way it was being done. And I guess the most important bit, how you can prevent this type of attack on your WordPress blog with the help of a simple plugin, which thankfully I had installed already.
The Cool DDoS Hacking Attack Visualisation
While I’m sure all of the information in this post will be useful, by far the coolest bit is the fancy visualisation that I was able to create with some handy software. Feast your eyes on this;
The above video shows the attack trying different passwords/usernames on wp-login.php by attempting to force access by guessing the password. The video is just a small snapshot of the attack which was happening for almost 9 hours on and off, I guess someone had the afternoon off work then…
The Data
Being a bit of a data geek, I couldn’t resist the opportunity to dig into this a little deeper. Below shows the number of requests per minute between the time the attacks started to when they finally gave up.
(click for larger graphic)
While these figures aren’t enormous, when the blog isn’t on enterprise class hosting this can slow the website down and more than anything it is just a bit annoying.
Why A DDoS?
Why is this attack different than someone just simply attempting to guess a password? Well, this person is clearly well equipped with a bag full of IP addresses. I’ll explain about how to prevent your WordPress blog being hacked via this method a little later, but what I can say that if it wasn’t for the plugin that was installed, this could have been a lot worse.
Another beautiful graph showing the number of attacks per IP address (this is only a selection);
(click for larger graphic)
I’ve not posted the IP addresses fully as, unlike the people doing this, this isn’t right as they could be hacked computers where these requests were coming from. In total there was 268 IP addresses used during the attack, which is quite considerable! The average number of attacks per IP address was at 12.38, which was no doubt limited by the plugin that was installed to stop people attempting this type of hacking attempt.
How to Prevent a DDoS Hacking Attack on Your WordPress Blog
Do you have a WordPress blog? Then I seriously suggest installing a plugin called “Limit Login Attempts”. What this plugin does is, well exactly as you an imagine, it limits the login attempts based on the users IP address. If someone guesses your login details incorrectly for 2, 4, 8, 12, whatever, number of times then the IP address will be blocked for a set period of time. This type of plugin can further block IP addresses longer term, all automatically, if the same IP address keeps coming back and trying again.
Had this plugin not been installed, I can’t imagine how many requests all 268 IP addresses would have tried during this period. While this was an interesting experience and has produced a cracking visualisation, I hope it doesn’t happen again either to me or anyone else.
Awesome, then next time you're looking to procure digital services, keep us in mind. We provide these blog posts to help people and companies like yourself with common problems and challenges.
Better yet, subscribe to our monthly newsletter below so you'll always be updated with the latest digital news that is relevant for yourself.