If you have a wordpress website and newly just installed, you need to do this to protect your website.
In fact, there are some malicious bot net crossing this internet and use xmlrpc attack to brute force your wordpress password. Some of them also using brute force to wp-login.php script and tried to use brute force way.
To solve this, install these plugins :
- Install BBQ to block bad queries that comes into your Wordpress site. Its able to block some malicious URL or some most known injection type. Please keep in mind you are responsible for your own web files. Even with the strongest server security, it does not mean your website is safe.
Server security and Application security is different entity. Your website is part of application security meanwhile your account panel is part of server security. In fact, most of website hacked due to carelessly of website owner or website developer that does not patch their website properly or install some enhanced plugin properly.
Install Loginizer to protect your website from brute force attack. This will increase your website security and automatically lock the attacker being login into your wordpress login page.
Install Stop XML RPC Attack to stop XML RPC flood that came from no-where into your Wordpress website. Small amount xml RPC should be not problem. However when quite large hosts attack your wordpress, this will be a problem. The CDN server did not cover for XML RPC ping attack, therefore we suggest to install this plugin.