Saturday, February 2, 2019

New comment by stevenicr in "My blog can’t keep up: 500 errors all over"

I've had similar issues with several WordPress installs.

Some of the less known issues I found that can add to this problem:

Spiders/Indexing Bots
Brute Force Login Attempts
Hidden Hacked Pages

Helps to look at logs sometimes; if you get hit with all three of the above at the same time, it's a tricky mess to clean.

You may find relief making an aggressive noindex robots.txt file (there are tons of bots to block which are worthless and use up your resources - it may be best to say * disallow all, then specifically allow Google, Bing, etc. (would love to find a way to tell archive.org it's okay in that situation)).

Even when doing the robots block, I've found some aggressive spiders or bots, using various user agents, need to be blocked via IP subnets and CIDRs with .htaccess, for example.

Brute force login has many options for slowing down access. I love a combo of ipgeo block, Sucuri, graphic captcha, Shield Security, and a plugin to disable xml-rpc (or use the setting for that in the Shield Security plugin, which blocks massive login attempts) to block all xml-rpc use.

Hidden Hacked Pages: If you find bots spidering a bunch of product pages for things in other countries in your logs, for example, you may have been hit with a bunch of pages being created that you may not see on your front end, or even in the backend admin area of your site.

Removing those pages is a start, and then a plugin like 404 to 301 redirect may be beneficial - but you will likely find a bunch of bots coming to index them, and other hackers who have been sold access to your site trying to login and make more of them.

For me it was more log checks and looking up IPs to add to the server block lists to slow it down. Just make sure you don't add Google's or Bing's IPs to the list.

With a few sites I had that got some of these issues, I decided to pull down wp-login.php - and in an effort to lighten up the load on the shared server, I decided to use one of the plugins that make WordPress into a static site (there are two good ones in the repo now).

Once I generated the static HTML and CSS, I created a new wp-login.php that would log all IPs and user agents / dates to a separate text file, and display a message on the screen warning the visitor/hacker that I was casting a spell on those who access the login page.

The amount of bots trying to login, and trying to access the old hacker-created pages that were made over a year ago, is still crazy. Their bots are still coming and trying the same login page and trying to access the same pages that were removed over a year ago.

If I had left those pages available as PHP pages, each one of those visits would have been taxing my SQL, even if they were showing the WP 404 page or a failed login.

I hope your issue is simpler, like a bad plugin. Certainly I've run into that issue with other problems not related to these as well.
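The "disallow all, then allow the crawlers you want" robots.txt the comment describes, written out as an added example (this is not the commenter's file). The robots.txt standard picks the most specific User-agent group for a crawler and ignores the `*` group for it, so the search engines you keep need their own group with an explicit Allow; the crawler names below are Google's and Bing's documented tokens, and the paths are the standard WordPress locations.

```text
# Default group: every crawler that has no group of its own stays out.
User-agent: *
Disallow: /

# Crawlers to keep. A bot that matches one of these groups uses only
# that group, so each needs its own Allow.
User-agent: Googlebot
Allow: /
Disallow: /wp-admin/
Disallow: /wp-login.php

User-agent: Bingbot
Allow: /
Disallow: /wp-admin/
Disallow: /wp-login.php
```

Two things to keep in mind: robots.txt is advisory, so it only relieves load from crawlers that honour it (the hostile ones the comment goes on to describe need server-side blocking), and a Disallow on wp-login.php hides the page from polite crawlers but does nothing against brute-force login attempts.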

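The .htaccess blocking by subnet/CIDR and the xml-rpc shutoff mentioned above, as an added example for Apache 2.4 (not the commenter's configuration). The address ranges are placeholders from the documentation ranges; substitute the ones your own log review turns up.

```apache
# Added example for Apache 2.4. CIDRs below are placeholders.

# 1. Site-wide deny of abusive ranges found in the access log.
#    "Require not" is only valid inside <RequireAll>, and a block that
#    contains only negatives matches nothing, so "Require all granted"
#    is needed as the positive rule.
<RequireAll>
    Require all granted
    Require not ip 203.0.113.0/24
    Require not ip 198.51.100.0/24
</RequireAll>

# 2. Shut off XML-RPC entirely if nothing you rely on needs it; this
#    stops the amplified login attempts that go through xmlrpc.php.
<Files "xmlrpc.php">
    Require all denied
</Files>

# 3. Optional: only allow the login page from a known admin address
#    (placeholder). Anyone else gets a 403 before PHP or SQL runs.
<Files "wp-login.php">
    Require ip 192.0.2.10
</Files>
```

If the site sits behind a CDN or reverse proxy, the address Apache sees is the proxy's, so blocks like these need mod_remoteip configured to trust the proxy's forwarded-client header first; otherwise a single CIDR rule can lock out every visitor. On Apache 2.2 the equivalent of block 1 is `Order allow,deny` / `Allow from all` / `Deny from 203.0.113.0/24`.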

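The "log checks and looking up IPs" step above, turned into a small triage script as an added example (not the commenter's tooling). It parses Apache/nginx "combined" format lines, counts POSTs to wp-login.php and xmlrpc.php and 404s per client IP, and flags, rather than blocks, any IP whose user agent claims to be Googlebot or Bingbot, since the comment's warning about not blocking Google or Bing is best handled by verifying those addresses with reverse DNS before adding them to a block list. The log lines and thresholds are constructed for the example.

```python
"""Triage an access log for brute-force login attempts and bots crawling
removed pages. Added example; sample log lines are constructed."""
import re
from collections import defaultdict

# Assumption: the server writes the common "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Endpoints that credential-stuffing bots hammer on WordPress.
LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")


def claims_search_engine(ua):
    """True if the user agent *says* it is a major search engine. The claim
    is cheap to forge, so such IPs are flagged for DNS verification, not
    blocked automatically."""
    return any(name in ua for name in ("Googlebot", "bingbot", "Bingbot"))


def parse(line):
    """Return the fields of one combined-format line, or None if it does
    not match (malformed lines are skipped rather than crashing triage)."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def triage(lines, login_threshold=5, notfound_threshold=5):
    """Aggregate per IP and return only the IPs that cross a threshold,
    with the reason(s) and whether the address needs DNS verification."""
    stats = defaultdict(lambda: {"login_posts": 0, "not_found": 0,
                                 "hits": 0, "claims_search_engine": False})
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        s = stats[rec["ip"]]
        s["hits"] += 1
        if rec["method"] == "POST" and rec["path"].split("?")[0] in LOGIN_PATHS:
            s["login_posts"] += 1
        if rec["status"] == "404":
            s["not_found"] += 1
        if claims_search_engine(rec["ua"]):
            s["claims_search_engine"] = True

    candidates = {}
    for ip, s in stats.items():
        reasons = []
        if s["login_posts"] >= login_threshold:
            reasons.append("login brute force")
        if s["not_found"] >= notfound_threshold:
            reasons.append("crawling removed pages")
        if reasons:
            candidates[ip] = {"reasons": reasons,
                              "verify_dns": s["claims_search_engine"], **s}
    return candidates


def _line(ip, method, path, status, ua):
    """Build one constructed combined-format line (documentation IP ranges)."""
    return (f'{ip} - - [02/Feb/2019:10:00:01 +0000] "{method} {path} HTTP/1.1" '
            f'{status} 512 "-" "{ua}"')


# Constructed sample: one login-stuffing client, one "Googlebot" hitting
# removed spam pages, one ordinary visitor, and one malformed line.
SAMPLE_LOG = (
    [_line("203.0.113.7", "POST", "/wp-login.php", 200, "Mozilla/5.0") for _ in range(6)]
    + [_line("203.0.113.7", "POST", "/xmlrpc.php", 200, "Mozilla/5.0") for _ in range(2)]
    + [_line("198.51.100.9", "GET", f"/product/spam-page-{i}", 404,
             "Mozilla/5.0 (compatible; Googlebot/2.1)") for i in range(5)]
    + [_line("192.0.2.1", "GET", "/", 200, "Mozilla/5.0")]
    + ["this line is not in combined format"]
)


def report(lines=SAMPLE_LOG):
    """Run triage over the sample (or a real log read line by line)."""
    return triage(lines)


if __name__ == "__main__":
    for ip, info in report().items():
        flag = " (verify via reverse DNS before blocking)" if info["verify_dns"] else ""
        print(f"{ip}: {', '.join(info['reasons'])}{flag}")
```

For a real log, pass `open("/var/log/apache2/access.log")` to `report()`. The output is a candidate list for the block rules, not the rules themselves; anything marked for DNS verification should be confirmed as a genuine search-engine address (reverse lookup, then forward lookup of the resulting name) before it goes anywhere near a deny list.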

from Hacker News - New Comments: "WordPress" http://bit.ly/2DQvpQH
via IFTTT
