Blog stats and security

Status
Not open for further replies.

Wayne

Tempus faciendi, Domine.
A few questions for the technological intelligentsia here:

The PCA Historical Center sponsors a blog, This Day in Presbyterian History, and I've recently added some plug-ins to get a better window on the stats for the site.

Questions arise as I review those stats after the first full day of service:

1. Why does the stats program for WordPress.org report fewer visits than are being shown on these plugin statistics programs? (I installed two, for evaluation purposes)
The easiest explanation (a guess) is that WP is showing visits, whereas the plugins are showing page views.

2. Why would one page in particular get multiple visits, often minutes apart, from one or more people? Specifically, the October 1st post on the site, and in one case, the IP address hit that page ten times in the course of an hour or less.
Actually, it's not just one IP address but variations of the same root (the final set of numbers in the address varies). The report indicates that it is the page that is being visited, not the comments section. I used to have quite a problem with spam, until I added a Captcha login for comments. That addition eliminated the spam problem, though I would imagine attempts are still made.

3. Most troubling, since 22:42:43 last night, I've had over twenty-four direct visits to the login page for the blog, all from the same IP address. Visits are generally 25 minutes after the hour and 45 minutes after the hour.
This appears to me as if someone is trying to hack into the site. Thankfully (I think), I have a fairly robust password (17 characters). Running a WHOIS on the IP address gives a location of the Ukraine. In that report the service provider gives a note as to where to report abuse, but I'm not sure that would do any good. I initiated the plugin at 10 PM last night, but the first of these login attempts (if that is what they are) only appears at 11:42 PM, so I think that's the first such attempt. Had there been one or two earlier, in the 10 o'clock hour, I could safely assume that this had been going on well before the plugin was installed and the reports generated.

UPDATE: Digging further, that IP address turns out to be one of the top 25 malicious IP's, according to http://www.projecthoneypot.org/list_of_ips.php
I guess the big question is, after a while will they just move on and leave me alone? It would take quite a while to break a 17 character password, after all.

UPDATE2: The continuing saga: Trying to add some additional security, I installed yet another plugin, "WP Better Security" (as made available on the WP site). All was well until I clicked to move everything over to SSL status, at which point I can no longer access the site (nor can anyone else, apparently). I did secure a database backup prior to these changes, but havent yet figured out how to institute that.
Comments?
 
Last edited:

Jerusalem Blade

Puritan Board Post-Graduate
I can't answer your questions, Wayne, but it certainly goes to show that we must have robust passwords for our blogs / sites!
 

daniel.vos

Puritan Board Freshman
Hi Wayne,

I work with WordPress all the time and have gotten through similar sticky situations. If you're still having trouble, feel free to contact me via my website (see signature), and I'll see if I can help.

Thank you for your work at the Historical Center, by the way!
 

Wayne

Tempus faciendi, Domine.
Daniel

Thank you. I appreciate that. In God's providence, another generous fellow had already offered to help, and has made many, if not all of the needed changes earlier today. I am very grateful for his help.
 
Status
Not open for further replies.
Top