The most common attacks you encounter when starting a new website are spam comments and website hacking.
This is because most bloggers concentrate on website design before they start concentrating on security.
The moment your website is launched, it is targeted by spammers and hackers who try to identify vulnerabilities and start attacking your website.
To protect your site, all you need to do is add layers of security to it. This means that if one plugin fails to block an attacker, the other plugins will do the job.
There are many great plugins in WordPress to protect your site, but you need to customize their settings in order to protect your site from attacks by spammers and hackers.
Protect Your Site From Spammers And Hackers
Spammers and hackers are skilled programmers who break into other websites to modify and steal content. They visit your site to check for and identify vulnerabilities.
Since they do not spend much time on your site, their visits result in increased bounce rates.
If you are new to WordPress, it is more difficult for you to identify spammers and hackers, and your site can be easily targeted.
Customize Your Firewall Plugin
There are a lot of firewall plugins that will help you protect your WordPress site. However, they are of little use if you do not customize their options, since the basic settings of security plugins are just not enough to protect your site.
Wordfence Security is one of the best firewall plugins for WordPress, and you can customize all of its settings from the options menu. The most important setting you should customize is ‘404 errors’.
What Is 404 Error?
So, what exactly is a 404 error? A 404 error means that the page you were trying to find does not exist. If someone is hitting many 404 pages, it means somebody is trying to find vulnerabilities in your site. Hence, you need to customize the 404 error handling in your security settings.
To customize this, first confirm that your site does not contain any broken pages, such as broken images and broken website links. These are shown as 404 errors to visitors who try to access them. Hence, you need to check for 404 errors on your own pages.
Your security settings have an option to block IPs that cause 404 errors for a specific time. You can increase the blocking time for IPs that hit many 404 pages. Set the maximum 404 error limit to 3 or 4 and block users for a specific time.
Check whether the same IP keeps hitting 404 pages even after being blocked. If the same IP tries again, you will receive an email from your plugin informing you that the IP has been blocked for the time you set. Block such IPs permanently to protect your site.
Protect WordPress System Files
Your WordPress system files hold key information about your site. If you do not protect them, they can be accessed by the public, and hackers or spammers can enter your site quite easily. So you should protect system files and prevent public access to readme.html, readme.txt, wp-config.php, wp-includes, .htaccess, wp-admin, etc. You should also disable PHP execution in the uploads directory.
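The following configuration is an added example, not part of the original article, showing one way to apply these restrictions. It assumes an Apache 2.4 server with .htaccess overrides enabled and WordPress installed at the site root; the wp-includes rules are the ones given in the WordPress hardening guide.

```apache
# --- .htaccess in the WordPress root directory ---
# Place these rules above the "# BEGIN WordPress" block so WordPress
# does not overwrite them when it regenerates its own section.

# Deny web access to the configuration and readme files named above.
<FilesMatch "^(wp-config\.php|readme\.html|readme\.txt|\.htaccess)$">
    Require all denied
</FilesMatch>

# Block direct requests to PHP files inside wp-includes. Normal page
# loads go through index.php and are not affected.
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^wp-admin/includes/ - [F,L]
    RewriteRule !^wp-includes/ - [S=3]
    RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
    RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>

# --- wp-content/uploads/.htaccess (a separate file) ---
# Uploaded files should never run as code: refuse to serve any
# PHP file from the uploads directory.
<FilesMatch "(?i)\.(php|phtml|phar)$">
    Require all denied
</FilesMatch>
```

After saving both files, request /wp-config.php and /readme.html in a browser and confirm that the server answers 403 Forbidden.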
Block Hackers Manually
Yes, you can easily block hackers and spammers manually. Almost all hackers want to get into your site and take control of it. So, they will target WordPress system files, i.e., wp-admin.php, wp-content, wp-includes, etc.
The best way to protect your site is to protect these folders with a password, which also protects the login page, or to change the login URL to a custom URL. You can install daily stats on your site and check the IPs that try to target the following areas of your site like
If you see anyone who tries to access these areas, it means that they are either spammers or hackers. All you need to do is block all users who try to get access to these locations.
You can identify such IPs through the Analytics Stats Counter Statistics plugin dashboard, where you can see all IPs and the URLs they are checking. You can block them manually by blocking their hosts and their IPs in your security plugins. Both Wordfence and iThemes Security provide manual blocking of IPs.
Note: If you are using a dynamic IP, your own IP will also be shown in the monitoring. Hence, you should check your own IP before blocking anything.
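The checks described in the 404 section and in this section can also be run directly against a web server access log. The script below is an added example, not part of the original article or of any plugin: it flags IPs that exceed the 404 limit and IPs that request protected files, and skips your own IP. The one-minute window, the log lines and the function name are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in common log format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 5120
192.0.2.10 - - [12/Mar/2024:10:00:02 +0000] "GET /img/old-logo.png HTTP/1.1" 404 196
203.0.113.7 - - [12/Mar/2024:10:00:05 +0000] "GET /missing-1 HTTP/1.1" 404 196
203.0.113.7 - - [12/Mar/2024:10:00:06 +0000] "GET /missing-2 HTTP/1.1" 404 196
203.0.113.7 - - [12/Mar/2024:10:00:07 +0000] "GET /missing-3 HTTP/1.1" 404 196
203.0.113.7 - - [12/Mar/2024:10:00:08 +0000] "GET /missing-4 HTTP/1.1" 404 196
203.0.113.7 - - [12/Mar/2024:10:00:09 +0000] "GET /missing-5 HTTP/1.1" 404 196
198.51.100.23 - - [12/Mar/2024:10:01:00 +0000] "GET /wp-config.php HTTP/1.1" 403 199
192.0.2.99 - - [12/Mar/2024:10:02:00 +0000] "GET /readme.html HTTP/1.1" 200 7300
"""

LINE_RE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)[^"]*" (\d{3})')
# Files the article says to protect; ordinary visitors never request them.
SENSITIVE = re.compile(r'/(wp-config\.php|readme\.(html|txt)|\.htaccess)')

def find_suspects(log_text, limit=4, window=timedelta(minutes=1), allowlist=()):
    """Return {ip: [reasons]} for IPs with more than `limit` 404s inside
    `window`, or with any request for a sensitive file."""
    hits_404 = defaultdict(list)   # ip -> timestamps of recent 404s
    suspects = defaultdict(set)    # ip -> reasons it was flagged
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue               # skip malformed lines instead of failing
        ip, ts, path, status = m.groups()
        if ip in allowlist:
            continue               # never flag your own (possibly dynamic) IP
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if SENSITIVE.search(path):
            suspects[ip].add("sensitive-file")
        if status == "404":
            # Keep only the 404s still inside the window (log is time-ordered).
            recent = [t for t in hits_404[ip] if when - t <= window] + [when]
            hits_404[ip] = recent
            if len(recent) > limit:
                suspects[ip].add("404-burst")
    return {ip: sorted(reasons) for ip, reasons in suspects.items()}

if __name__ == "__main__":
    for ip, why in find_suspects(SAMPLE_LOG, allowlist={"192.0.2.99"}).items():
        print(ip, ", ".join(why))
```

The visitor at 192.0.2.10 triggers a single 404 from a broken image and is not flagged, which is why fixing broken links first keeps real readers out of the block list.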
Block Spammers and Spambots Manually
If you want to block spammers from accessing your site permanently, then you can block the IP of the spammer.
The CleanTalk website provides a list of IPs of spammers who spam other sites. You can use it to check the IPs that try to post spam comments on your site. Though everyone uses antispam plugins to block comments, spambots will still comment on a post multiple times if your antispam plugin is not updated.
A large number of spam comments in your spam folder also means more database table entries, which slows down your site. The only way to block spambots is by installing Google reCAPTCHA, which will stop all bot attacks.
If you want to block a spammer, make sure you check the IP with CleanTalk's antispam service and block the IP if it is trying to spam your site. Usually, spammers target old articles and posts with trackbacks and pingbacks, so disable trackbacks and pingbacks on your site.
CleanTalk also provides a daily list of IPs that try to spam other sites. This will help you if someone is posting a lot of spam comments on your site, and you can block such IPs manually.
This is one of the reliable ways to protect your site along with security plugins. Make sure you update them on a timely basis.