I almost got hacked

I run a number of websites, and I mostly used WordPress. It is fast and very easy to use and there are a ton of plugins available to enhance your site. One plugin I always install (and believe should be a part of WordPress core) is Better WP Security.

Several times, I have benefited from using the plugin. Today, once more, I received a benefit of using this plugin. There is a massive attack on wordpress sites now and every webmaster using this blogging tools needs to step up their games, especially in the concerns of security.

I suddenly noticed a spike in my unread email count – from 4 to 85 within a minute and I realised that one of my sites was under attack again.

I checked my email and I saw this:

wordpress-alaert01

These are the alert emails sent by Better WP Security when it fends off an attack. Lagos Scholarship board website was under attack. This wasnt a DOS (Denial of Service), this was a scripted attack from a single computer. Probably a script kiddie using automated tools. An example of one of the emails is shown below:

wordpress-alaert02

The script attempts to use several SQL injection variants to gain access to the site. Lucky for me, Better WP Security was on hand to fend them off. The first time I noticed attacks of this nature, I could 76 different trials, now the number has risen to over 180. Maybe one day, one of them will succeed. Maybe not. Hopefully, not! But we wait and see.

Whenever, I notice these emails, I open up the site immediately and keep checking to know if any attack is successful. I go through my file permissions, and my core files. I check for changes. Still, I am safe, for now.