StudioPress Community Forums

StudioPress Community Forums (http://www.studiopress.com/support/index.php)
-   General Discussion (http://www.studiopress.com/support/forumdisplay.php?f=7)
-   -   Recommend a site activity monitor plugin? (http://www.studiopress.com/support/showthread.php?t=124368)

Collins 11-13-2012 10:15 PM
Recommend a site activity monitor plugin?
 
I'm getting reports of some missing images and some posts reverting to draft state. I know this is not really related to Genesis, but was wondering if anyone uses any type of plugin that sends an alert whenever any type of activity occurs on the site.

andrea_r 11-14-2012 06:56 AM
There's a bunch of them available to track user activity.

Have you talked to your web host?

Collins 11-14-2012 07:24 AM
We host on our own dedicated server and have installed ThreeWP Activity Monitor (http://wordpress.org/extend/plugins/...ivity-monitor/), plus added directory-level authentication, but we're still seeing hundreds of brute-force hack attempts everyday. I'd like to accomplish the following:

1. Protect wp-admin from hack attempts.
2. Set up some sort of alert system for certain activities in admin.

Collins 11-14-2012 07:42 AM
More info on this... We're using 3.2.1 and are in the process of upgrading to 3.4.2. I wonder if there are any security measures inherent with the update that'll help resolve these hack attempts.

andrea_r 11-14-2012 07:43 AM
Having run my own server.... that's in the range of normal, actually. :-/

There's a Login Lockdown plugin as well.

Collins 11-14-2012 07:46 AM
Quote:
Originally Posted by andrea_r (Post 621524)
Having run my own server.... that's in the range of normal, actually. :-/.
I'm not sure what you mean. Can you clarify what you mean by the statement above?

andrea_r 11-14-2012 08:40 AM
Quote:
but we're still seeing hundreds of brute-force hack attempts everyday.
That part? I was saying this part is normal when you are running your own server.

It may or may not have anything to do with what you;re seeing in the backend.

Collins 11-14-2012 10:40 AM
There should be a way to reduce this down to zero.

andrea_r 11-14-2012 11:06 AM
Not with the thousands of bots sniffing servers looking for WP installs.

Even if you could block the bots, you can;t block a real person visiting your site and just attempting that manually.

Either way - you still have no idea if it is even related to things changing in the admin area. That;s a separate issue entirely.

Collins 11-14-2012 11:34 AM
Something I've done with osCommerce is to change the directory name for admin, and add directory-level security. For the directory change in WP, maybe changing wp-admin to site-admin would help?? Definitely getting rid of the admin user account helps, because that's the username our hacker is currently using.

andrea_r 11-14-2012 11:48 AM
I always keep the admin username with a super strong password.

I have seen hacks where if the username was not in use, they created a user named "admin".

your bigger risk for entry is unsecure plugins and scripts on the server.

Collins 11-14-2012 01:12 PM
How can they create a user named "admin"?

andrea_r 11-14-2012 02:20 PM
There are some hacks where a hacker can programatically create a user.

They just pick the "admin" username.


All times are GMT -5. The time now is 09:56 PM.

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.