Attacked? Our server security blocks anyone who tries the wrong password too many times. But what if a villain guesses it right before being blocked? Your cpanel tells you if you are being attacked.

CHECK: cPanel > Metrics > AWStats >

Monthly history:
Unique visitors and Number of visits:
If the Number of visits is a lot greater than Unique visitors it could mean:
All your visitors are returning to the site several times a day (unlikely), or
Villains are using automated guessing programs trying to enter your site to install malicious software.
e.g. One of our sites showed monthly Unique visitors around 2,500 and Number of visits an unbelievable 11,000.

Scrolling down AWStats see:

Pages-URL (Top 25)
If these have unlikely high numbers then it’s the villains.
wp-login.php
xmlrpc.php

Locales (Top 25)
Top should be Australia.
If you have hordes of visits from Russia, China, etc. they are mischief.

THEN: cPanel > Metrics > Visitors
If the same IP address is trying wp-login.php many times a minute then it’s an automated guessing program. You can block an IP address but villains will just switch to another IP.

What you can do?

  • Install security plugin Wordfence, in case villains guess right before they are blocked. Genuine traffic numbers will then show.
  • Have a long secure password containing lower and upper case letters, numbers and symbols (+*!$…)
  • Use File Manager to remove the file xmlrpc.php. You never use it.Wordfence includes an endpoint firewall and malware scanner that were built from the ground up to protect WordPress. Our Threat Defense Feed arms Wordfence with the newest firewall rules, malware signatures and malicious IP addresses it needs to keep your website safe. Rounded out by 2FA and a suite of additional features, Wordfence is the most comprehensive WordPress security solution available. Give yourself peace of mind and sleep well at night.

attacked