It pays to monitor your website security!
I run the WordFence security plugin. Every so often I go into the live traffic records and look at who and what has been trying to access my website.
This is one of the things I love about WordFence, it allows you to easily see IP addresses of those trying to access your website via wp-admin or some other way.
It also has a section for “pages not found” which is one of the main ways a hacker tries to backdoor your website and inject malicious code into you database.
About a month ago I found an entry in my Security logs and found this info about a hacking attempt:
From SPAIN: Using IP address IP: 184.108.40.206 with NameServer: NS1.ALOHADOMINIOS.COM
This hacker tried to do a “remote code” or sql injection to my website using the “PHP XMLRPC Code injection vulnerability”.
This is how the “page not found” entry looked:
Now, I am not that knowledgeable about “code” and internet jargon but I can see where this does not look like a legitimate and maybe an accidental 404-page not found entry. It is interesting that the hacker tried to use the Yoast plugin as a means of hacking. Either way, I would take notice of entry like this and do a little research on it to see if it is indeed a hacking method.
WordFence did it’s job and saved my website from this hacking attempt that would have wrecked havoc on my website.
My next post will list several IP addresses and associated name servers of those that have attempted to hack one of my websites.