
The WordPress Bot Attack

So, there’s plenty of news about the 90,000 node bot that’s currently trying to gain admin access to WordPress sites by brute-force guessing admin passwords.

There are a number of things you can/should do to harden your site against this type of attack…the most important being to USE STRONG PASSWORDS!

I installed the Limit Login Attempts plugin more out of curiosity. I’ve seen it recommended in a number of places, but was curious what it would do against a 90,000 node bot. Seems to me like it wouldn’t be that effective…

Still, moments after installing, I get this report:

Screen capture of IP addresses locked out of site.

90,000 nodes on the bot trying to brute force passwords for WordPress. This is what I see after installing the Limit Login Attempts plugin…

Each lockout stops an IP from logging in (or trying to) for 20 minutes. After 4 lockouts, you’re banned for a much longer amount of time.

Not the best solution, but it at least shows me that I’m being targeted…
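
A small simulation of the lockout policy described above, added here as an example (it is not the plugin's code). The 20-minute lockout and the escalation after 4 lockouts come from the post; the 4 retries per lockout and the 24-hour long ban are assumed values. It replays constructed failed-login traffic and counts how many guesses actually reach the password check.

```python
from collections import defaultdict

ALLOWED_RETRIES = 4        # assumption: failures allowed before a lockout
LOCKOUT_SECS = 20 * 60     # from the post: each lockout lasts 20 minutes
LOCKOUTS_BEFORE_BAN = 4    # from the post: after 4 lockouts the ban is much longer
LONG_BAN_SECS = 24 * 3600  # assumption: length of the "much longer" ban


class LoginLimiter:
    """Per-IP lockout tracker modelled on the behaviour the post describes."""

    def __init__(self):
        self.failures = defaultdict(int)   # failures since the last lockout
        self.lockouts = defaultdict(int)   # lockouts issued so far
        self.blocked_until = {}            # ip -> time the block expires

    def failed_login(self, ip, now):
        """Record a failed login. Returns True if the password was checked."""
        if now < self.blocked_until.get(ip, 0):
            return False                   # rejected before the password check
        self.failures[ip] += 1
        if self.failures[ip] >= ALLOWED_RETRIES:
            self.failures[ip] = 0
            self.lockouts[ip] += 1
            long_ban = self.lockouts[ip] >= LOCKOUTS_BEFORE_BAN
            self.blocked_until[ip] = now + (LONG_BAN_SECS if long_ban else LOCKOUT_SECS)
        return True


def guesses_checked(num_ips, attempts_per_ip, interval_secs):
    """Replay constructed traffic: every IP fails one login each interval.

    Returns how many guesses got past the limiter to the password check.
    """
    limiter = LoginLimiter()
    checked = 0
    for step in range(attempts_per_ip):
        now = step * interval_secs
        for n in range(num_ips):
            # "ip-<n>" labels are constructed stand-ins for source addresses
            checked += int(limiter.failed_login(f"ip-{n}", now))
    return checked


if __name__ == "__main__":
    # One failed login per minute per address, for 24 hours.
    for ips in (1, 1000):
        print(ips, "source IPs ->", guesses_checked(ips, 1440, 60), "guesses checked")
```

Under these assumed settings each address gets 16 guesses through in a day, and the total grows linearly with the number of addresses, which is why the lockout report works better as an alarm than as the control, and why strong passwords matter more.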

If you host a WordPress site, you really need to make sure you are using strong passwords for your admin accounts. There are also a host of other steps you can be taking to harden your site against attacks.

Please add good resources in the comments!

Plug-ins Worth Considering

  • Limit Login Attempts – Probably a useful plugin in general, but of limited utility against a botnet composed of 90,000 nodes…
  • Better WP Security – This one looks kickass and I see it recommended frequently, but make sure you have solid backups and have tested recovery before throwing it on an established site. …And yeah, read the manual first.

In The News

Progress

So, I’ve kind of orphaned a whole slew of side projects (including this blog) lately while I worked on spinning up another blog to test some SEO, content strategy and audience building approaches I’ve had rattling around in my head for a while.

It’s something I’ve been working on in my spare time for a bit over a year, and I just wanted to do a quick retro and reflection on where I’m at. It’s not a huge deal, but I’ve passed a couple of personal milestones that are worth noting:

A Week of Site Traffic of ~250 Visits a Day
Seems like nothing, right? Well, what makes this special to me is that I built this from scratch. In my spare time. The world is a lot different when you have no existing brand, no guaranteed traffic, and no time to invest in generating either. Nothing.

Screen capture of a google analytics visitors report.

Transparent red line indicates relatively sustained traffic at or above 250 visitors a day.

Broke Through the Google Webmaster Tools 50,000 Impressions Ceiling
I was stuck at 50,000 impressions (exactly) for so long that I’m convinced Google has a throttling mechanism in place. I suspect site age has something to do with it.

Screen capture of the search terms report in Google Webmaster Tools

In April, I finally broke through the 50,000 impressions ceiling.

Identified the Reddit Effect in My Analytics
Reddit is notorious for driving mad traffic to unsuspecting websites. After careful scrutiny of my analytics for the last year, I was able to tease out correlation between visitors and having a post make it to the front page of a smallish (50K subscribers) SubReddit. Can you see it? 😛

Screen capture of a Google Analytics report

If you look closely and use your imagination, you may discern the Reddit Effect.

And of course, there’s more…

Some Things I Have Learned
Some of what I’ve learned over the past year may seem obvious in retrospect, but kind of surprised me as things were progressing…

  • Starting from 0 is a different game than taking over something that already has momentum.
  • Branded search terms have very little value. People searching for my site name are always going to find my site name. What has value is driving traffic for keywords related to the subject domain of my site.
  • My highest performing posts are longer pieces that dispense with the advice about brevity, bullet points, etc. Readers don’t appear to be afraid of a lengthy post so long as it helps them answer a question, provides them with something of value.
  • The project will consume all my time if I let it. I need to do a better job balancing my after-work time between my projects and my friends and family.
  • This is the most fun I’ve had in a long, long time.