This map shows live hacking attempts on WordPress sites from around the world. WordPress powers one in six websites on the web today. Even more amazing is that all the power of WordPress itself is provided for free!

Protecting sites from hacking

Some of the same features that make WordPress so versatile – simple updates, remote access and oodles of plugins – also make it a walking target for hacking. One strategy is to harden your site using technical changes that affect how easy it is to break into your site. All of our sites are hardened with current standards and we also use a couple of security plugins.  One of my favorites is Wordfence – used  to track and block out hacker attempts and scan files for corruption.

Scammers love Classifieds

The Surfski Racing from Coast to Coast site has about 30 visible hacking attempts a day! Part of the reason is it is a high traffic site but also because we have free classifieds that allow sellers and potential buyers to communicate. The classifieds greatly increased our legitimate traffic from 200 a day to about 600 a day, so it is well worth the extra vigilance.  The site is so tempting to hackers that we had to implement Wordfence’s paid version to add more sophisticated country blocking. As hackers jump from IP to IP, blocking an entire country can be an effective way to cut down on malicious traffic.  In the case of Surfskiracing.com, we blocked several countries including  most of the Asian Islands.  We then received a request from a person who lived on a small private island to allow access so they could peruse the classifieds. We debated the “scamminess” of that request and decided to allow access for 24 hours.  Still many attempts come from IP addresses based in the USA.  Ohio has a large amount of suspicious activity on our site.  Another effective technique was to subscribe to an IP tracking service which allowed us to rapidly see which visitors were responding to ads in suspicious ways and then block their IP via Wordfence.  We have been very successful at cutting down on classified scams.

Overpayment, the New “Nigerian Email”

Amusingly, one of the scams used in the classifieds is for a scammer to pose as a buyer, send an overpayment, request the excess be wired back, all before the check bounces like a rubber ball.  This particular scammer happened to be operating out of Nigeria and was eventually discouraged through IP blocking.

You may find this interesting – The story of open source functionality and unusual generosity that drives WordPress..

Matt Mullenweg was a 19-year-old freshman at the University of Houston when he clicked “publish” on a new blog post..The Founding of WordPress