We get LOTS of emails from clients asking about site lockout notification emails they receive from the iThemes Security plugin we set up for them (formerly known as Better WP Security). The email goes something like this:
Dear Site Admin,
A host, 123.456.789.000, has been locked out of the WordPress site at http://yourdomain.com due to too many attempts to access a file that does not exist.
The host has been locked out until 2013-9-10 16:42:26 .
*This email was generated automatically by iThemes Security. To change your email preferences please visit the plugin settings.
In plain-speak, this email is telling you your iThemes Security plugin detected some suspicious activity by a person (or computer) visiting your website, AND it has blocked that specific IP from visiting your site, temporarily. This security measure is intended to lock out people or computers that are searching for weaknesses in your site that they can manipulate to inject malicious code or otherwise hijack your website and wreak havoc.
Sound scary? At first a site lockout notification can seem scary, but that’s what this wonderful plugin is for!
Here is what we do:
First, click the IP link. Clicking the IP link takes you to ip-address.com where you can get some basic information on the IP. This is the most obvious way to tell if some activity is suspicious. Most suspicious/malicious activity seems to be in far-off places like China, Ukraine, etc. Since we do not do business in those countries, we immediately put the IP in our black list (in the iThemes Security settings).
Next, do some recon. If the IP is not in a strange area (and sometimes even if it is), or if you do business in multiple countries, you will want to do some deeper investigation. We use whatismyipaddress.com because it is updated with current information by other users. By reading others’ comments you may find some details that will help you determine whether the IP in question is really malicious or not. (P.S. If you know of a better resource than whatismyipaddress.com, let us know in the comments below!)
Block or not-block. Once you feel like you have enough information and decide the IP is malicious or at least suspicious, add the IP to the black list in the plugin settings. We take the IP down a notch or two because one malicious user can have several related IPs. If the IP address was 123.456.789.000 we enter it as 123.456.*.* on the black list. No, this is not a foolproof solution either, but it saves you the trouble of getting pinged by the same hacker again and again.
You can turn site lockout notification off. If you get annoyed with too many site lockout notifications you can choose blissful ignorance. Just edit the proper settings.
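To see how much a wildcard entry covers before adding it to the black list, the sketch below (an added example, not part of the plugin or the original post) converts a trailing-wildcard entry to CIDR and reports its size and any addresses you rely on that it would catch. The function names are hypothetical and the sample addresses are constructed from documentation ranges.

```python
import ipaddress


def wildcard_to_network(pattern):
    """Convert a trailing-wildcard entry such as '203.0.*.*' to a CIDR network."""
    octets = pattern.strip().split(".")
    if len(octets) != 4:
        raise ValueError(f"expected four octets: {pattern!r}")
    fixed, seen_wildcard = [], False
    for octet in octets:
        if octet == "*":
            seen_wildcard = True
            fixed.append("0")
        elif seen_wildcard:
            # '203.*.113.*' is not a contiguous range, so refuse it
            raise ValueError(f"wildcards must be trailing: {pattern!r}")
        else:
            fixed.append(octet)
    prefix = 8 * (4 - octets.count("*"))
    # ip_network() raises ValueError for malformed octets (for example > 255)
    return ipaddress.ip_network(f"{'.'.join(fixed)}/{prefix}")


def ban_impact(pattern, allowlist):
    """Report the size of a wildcard ban and which allowlisted IPs fall inside it."""
    net = wildcard_to_network(pattern)
    caught = [ip for ip in allowlist if ipaddress.ip_address(ip) in net]
    return {"cidr": str(net), "addresses": net.num_addresses, "allowlisted_hits": caught}


if __name__ == "__main__":
    # Constructed sample: your office IP and a partner's IP
    trusted = ["203.0.113.7", "198.51.100.20"]
    for entry in ("203.0.113.*", "203.0.*.*"):
        print(entry, ban_impact(entry, trusted))
```

A two-octet wildcard covers 65,536 addresses, so run the check against your own office, host and monitoring IPs before saving the entry.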
No automated system is foolproof. This plugin may lock out legitimate traffic on your site — including you! This means
This plugin can lock out web crawlers like Google. You will want to white list web crawlers so they don’t get locked out. Web crawlers tend to hit a lot of non-existent files as they scan your site. Since this is somewhat similar behavior (very basically speaking) to spammers and hackers, the plugin can kick in, block the web crawler and send you a site lockout notification. Not good. Do very good research to make sure the IP is legitimately a web crawler, then add them to your white list.
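One way to do that research is forward-confirmed reverse DNS: look up the IP's hostname, check that it belongs to the crawler's domain, then resolve that hostname and confirm it maps back to the same IP. This is an added example, not code from the plugin or the original post; the function names and sample DNS records are constructed, and the suffix list covers only Google's crawler hostnames.

```python
import socket

# Hostname suffixes Google documents for its crawlers
CRAWLER_SUFFIXES = (".googlebot.com", ".google.com")


def _ptr(ip):
    """Live reverse (PTR) lookup."""
    return socket.gethostbyaddr(ip)[0]


def _forward(host):
    """Live forward lookup; returns the set of addresses for a hostname."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_verified_crawler(ip, reverse_lookup=_ptr, forward_lookup=_forward,
                        suffixes=CRAWLER_SUFFIXES):
    """True only if the PTR name is in a crawler domain AND resolves back to ip."""
    try:
        host = reverse_lookup(ip).rstrip(".").lower()
    except OSError:            # no PTR record at all
        return False
    if not host.endswith(suffixes):
        return False
    try:
        # Anyone can set a PTR record for their own IP; the forward lookup
        # is what proves the crawler's operator controls the name.
        return ip in forward_lookup(host)
    except OSError:
        return False


# Constructed DNS data so the check can be exercised offline
SAMPLE_PTR = {
    "192.0.2.10": "crawl-192-0-2-10.googlebot.com",   # genuine-looking crawler
    "192.0.2.66": "crawl-192-0-2-66.googlebot.com",   # spoofed PTR record
    "192.0.2.99": "googlebot.com.example.net",        # look-alike hostname
}
SAMPLE_A = {"crawl-192-0-2-10.googlebot.com": {"192.0.2.10"}}


def sample_reverse(ip):
    if ip not in SAMPLE_PTR:
        raise OSError("no PTR record")
    return SAMPLE_PTR[ip]


def sample_forward(host):
    return SAMPLE_A.get(host, set())
```

Called with only an IP, `is_verified_crawler` performs live DNS lookups; only addresses that pass belong on the white list.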
People often run into roadblocks while getting their WordPress website set up. WordPress is meant to make things easier for website owners, but let’s be honest, there is a no-jokes-learning-curve involved with learning and using WordPress. Our WordPress Tips blog posts are designed to help you get through the basics.
The Akismet plugin for WordPress is a pretty useful plugin that automatically sifts and deletes spam comments for you. But how to set it up?…
1. Choose your plan. Check out Akismet’s various plans here. Click ‘Sign up’ to create your account.
2. Grab your API key. They are always changing their signup methods, but your API key should be emailed to you. Also, upon successful signup you should be taken to a landing page with your API key. If all else fails, log in to your Akismet account and under Account Overview it will show your API key in *******. Click ‘Show’ and copy the code.
3. Enter your API key into WordPress. Log in to your WordPress site. You may have to search around for the account settings (again, because they keep changing things), but as of the writing of this article you go to ‘Settings > Akismet’.
Paste your API key and click ‘Save changes’.
That’s it! Choose your other preferences and watch as Akismet starts filtering away unwanted spam. Akismet is NOT foolproof. Keep an eye on it from time to time. It lets occasional spam through, and sometimes filters out legitimate comments, but for the most part it makes your job easier.
To use blog comments or not to use blog comments, that is the question. This article ...
This is a very good question with a multi-layered answer (of course!). In case you have been wondering how to turn off comments in WordPress, this post is for you. First, a question:
Comments are a great way to build community and encourage discussion on your website. However, comments are not necessarily appropriate on all websites or in all situations. Plus, comments can come with some time-consuming pitfalls such as SPAM comments and participating in blog conversations yourself.
We lean toward leaving comments on in the appropriate places and using plugins to help sift through annoying SPAM comments. WordPress comment spam can be avoided by using Akismet. This plugin sifts most SPAM comments to your SPAM folder, and it even deletes SPAM comments after 30 days if you choose. This plugin is not totally foolproof. Akismet can let some SPAM through and sometimes filter legitimate comments. Overall it is a godsend in helping you. They have free and paid products, so choose the one that fits your situation.
Check this article on how to set up Akismet
Evaluate your site first. Search engines love to see this kind of activity on your site. Your followers also love to feel that sense of community, like their opinion matters. First, you should decide if your site is the right place for comments and community. If not, then turning off comments is okay.
Turn comments off on pages. I’ve never seen a case where comments on pages are useful. In fact, allowing comments on pages can be confusing for you AND your visitors. I recommend you always, always turn comments off on pages. To do so, go to Screen Options at the top-right of your Edit Page page (or Add New Page if you are creating a new page) and make sure the Discussion check box is checked.
If you choose to turn comments off in WordPress, there are several ways to accomplish it.
1. Turn comments off site-wide. To turn off comments on your entire site,
2. Turn comments off page-by-page. You can allow/disallow comments on an individual basis. Use the instructions given above for turning off Page comments; they are the same for turning comments off in Posts.
3. Use your theme’s preferences. Some themes allow you to turn off comments site-wide with the simple click of a button. This is the simplest method, but note that 1) not all themes have this option, and 2) if you switch from a theme that has the option to one that doesn’t, the settings don’t carry over. You still need to use the process described in #1 to turn off comments. We recommend #1 as your best way to turn off comments in WordPress.