I have been involved with the internet since the mid-90s and there are a number of things I do not understand. The most puzzling to me is the motivation of a certain class of hacker. This individual spends his time and his efforts in a digital version of driving the neighborhood looking for an open front door. Some are “script kiddies” and others are sophisticated individuals or groups.
According to Wikipedia a Script Kiddie –
In programming culture a script kiddie or skiddie (also known as skid, script bunny, script kitty) is an unskilled individual who uses scripts or programs developed by others to attack computer systems and networks, and deface websites.
Another class of hacker is the thief who’s plan is to profit by stealing data and selling it. We see these in the news from time to time. Think Target’s problems last holiday season. A large volume of credit card numbers and other identity fragments will be pilfered and be sold to different individuals or groups … each with their own agenda. This type of hack is usually automated…not some individual setting at a screen poking at the internet. That is the type of attack that is occurring on one of my sites.
On one of my sites I have a current version of WordPress and all plugins are up-to-date. I have Wordfence installed and the number of failed login attempts set to 10 before the user is locked out for 30 minutes. Further the user name “admin” has been deleted and replaced by a more cryptic one (a practice I employ on all sites I create or manage). In the last 24 hours I have had over 120 sessions where someone is locked out of my login screen for exceeding the number of attempts. In every case they are trying to login using the user name “admin”. They are most likely automated attacks and they are coming from all around the globe. They are coming from Russia, Canada, USA, Malaysia and unfortunately even France.
My advice is that if you have a WordPress install that has the user name “admin” delete it after creating another identity. By doing so you will be doing the single best, most effective thing you can do to harden your site to hackers. We will never agree with the hacker’s motives and many we will never understand but I tell you this … they are coming and they will try to get into your site and they can have success if you don’t do this one simple thing. Even an old site that you have abandoned can be useful to them.
Web design is important as is good SEO but keeping a site safe from misuse is becoming a more important part of my job with each passing day.