I keep getting messages via my WordPress contact form from someone claiming he hacked into my website and stole my database and is going to start ruining my reputation online unless I pay him $3500. I'm assuming it's spam (I mean dude, if you hacked into my website, you should be able to find my admin email address and email me there, instead of submitting a message through my contact form that goes to my public-facing email 🙄), but there is a tiny part of me that worries it's real. So here are my questions: 1. Please assure me it's spam! 2. Which anti-spam and anti-hacker plugins do you recommend to help me sleep easier at night?
#WordPressQ&A
Yes, it's absolutely spam! Well, I say that with 99% certainty. There are obviously hackers with the skill to do what they are threatening but, in my experience, their messages usually carry more weight than this. Like proof of what they've found.
Here's a blast from the past. I had a mum blog back in the day which I slowly stopped using so it'd been sat unloved for a while. After a few months, I tried to access one page and it couldn't be found. I logged back in to discover that all my content had gone!
I did some investigation and it turned out one of the plugins on my site had a vulnerability that was exploited. But as I hadn't updated anything in a while, they got to my site. These people didn't mess about emailing me first!
You could be drastic and turn off all comment-related functionality. But there are other ways.
My recommendation would be Wordfence as a good free one. Sucuri is also good.
You will need to take some time going through their settings but they will have an explanation for each one or a help doc with recommended values for them.
There are other things that can help. Like not using "admin" or your name as your username.
You can also change the default login URL (ending in wp-admin or wp-login) to something else. But please remember what you change it to, otherwise you won't be able to get back in.
This was part of a live Q&A and my response starts around 26:40.
If you've got a funny/quirky spam story to share, I'd love to hear it. Like the weirdest one you've ever got? Or just ask a question!