05-17-2020, 05:11 PM
I did post a reply yesterday where I was asking the OP's author to tell us what web server he was running. After a brief reflection, I removed it...
Reading the post bellow, I'm now sure I did the right thing.
Just for the record. A datacenter can only "protect" you from network-based attacks, not application-layer ones. Your website, on the other hand, is as safe as the code running it!.. A vulnerability here or there and you're open to ABUSE... That's all it takes!
Because you're running a well-known generic CMS, whose code is public domain, thus everybody knows where to search for stuff, then you better have as a good knowledge of it as the next guy who will be "knocking" on your website's door.
This is why my position on generic CMS, forums etc has always been a NO GO!... especially for people who don't realize the challenge they are facing, by just using it. Of course, no one is listening to my extremist view on this :-)
For the admin section of the Wordpress CMS, it's a well-know target for script kiddies. The IP-filtering is the classic shield, as suggested above.
Good luck anyway!
Reading the post bellow, I'm now sure I did the right thing.
(05-17-2020, 02:04 PM)hamed Wrote: A hacker can never attack my site's admin page because my site is highly secure by the data center. But a super professional hacker can do that (crack). But you say attack. Anyone who wants to attack the site will not only attack one subdomain but also the entire site server
Just for the record. A datacenter can only "protect" you from network-based attacks, not application-layer ones. Your website, on the other hand, is as safe as the code running it!.. A vulnerability here or there and you're open to ABUSE... That's all it takes!
Because you're running a well-known generic CMS, whose code is public domain, thus everybody knows where to search for stuff, then you better have as a good knowledge of it as the next guy who will be "knocking" on your website's door.
This is why my position on generic CMS, forums etc has always been a NO GO!... especially for people who don't realize the challenge they are facing, by just using it. Of course, no one is listening to my extremist view on this :-)
For the admin section of the Wordpress CMS, it's a well-know target for script kiddies. The IP-filtering is the classic shield, as suggested above.
Good luck anyway!