cracked login WordPress
Someone is getting in my website to put comments without my approval. I am the only one who have the password. I have changed my password but he has succeeded to do it again.
Can someone help me?
Answers (9)
Romel Apuya answers:
this can help you
[[LINK href="http://code.tutsplus.com/articles/11-quick-tips-securing-your-wordpress-site--wp-22446"]]http://code.tutsplus.com/articles/11-quick-tips-securing-your-wordpress-site--wp-22446[[/LINK]]
i can help you too..
Giri answers:
Hello there, no one cracked your login page. You are getting those comments because of bots. Please make sure you activate "Askimet" plugin to prevent comment spam.
https://wordpress.org/plugins/akismet/
PS: you don't need an account to post comments in WordPress. Just an email is enough
Navjot Singh answers:
Use[[LINK href="https://wordpress.org/plugins/antispam-bee/"]] AntiSpam Bee plugin[[/LINK]]. It can stop most of the comment spam easily. Works better than Akismet.
Navjot Singh comments:
If you are worried that your login information is compromised which might not be the case since you are just getting spam comments, then you should install plugins like https://wordpress.org/plugins/login-security-solution/ and https://wordpress.org/plugins/limit-login-attempts/
These take care of any malicious attempts to login to your blog. Also make sure you are not using 'admin' as a username.
Abdelhadi Touil answers:
Hi.
You should make comments in moderation before publishing them. Are you sure that comments are in moderation before publishing them? You can verify that via Settings > Discussion > Before a comment appears, and then verify if "Comment must be manually approved" is checked.
You can find detailed information about this option here:
[[LINK href="http://codex.wordpress.org/Settings_Discussion_Screen"]]http://codex.wordpress.org/Settings_Discussion_Screen[[/LINK]]
It's necessary too to use an antispam plugin, and I recommend this one because it's easy to setup and efficient:
[[LINK href="https://wordpress.org/plugins/fv-antispam/"]]https://wordpress.org/plugins/fv-antispam/[[/LINK]]
You can also protect your website by limiting login attempts using this plugin (It's old but still working very well):
[[LINK href="https://wordpress.org/plugins/limit-login-attempts/"]]https://wordpress.org/plugins/limit-login-attempts/[[/LINK]]
Good luck!
Dbranes answers:
I guess you don't want comments at all on your site?
If that's the case then it's not enough to remove the comment form, from the theme.
You could then disable all comments, with for example:
[[LINK href="https://wordpress.org/plugins/disable-comments/"]]https://wordpress.org/plugins/disable-comments/[[/LINK]]
Arnav Joy answers:
you can also try this in htaccess
Just add this to your .htaccess file and replace the “youurl” with your blogs URL
# Protect from spam bots
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.yourwebsite.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]
</IfModule>
you can also try this plugin
https://wordpress.org/plugins/stop-spam-comments/
Ian Lincicome answers:
Let me know if you would like to simply remove all comment ability from your site and I will gladly do it for you. If the ability to post comments is completely gone, it will definitely solve the problem, but I can also tighten up security for you a bit to be safe. -Ian