Skip to content

Website Security Report – August 2022

  • by

After I assumed the duties of webmaster in mid-July I installed a security plug-in that I have been using in other website for many years. It is called “iThemes Security Plugin” and is one of the most popular security solutions for WordPress. I use the paid “Pro” version which has many additional features ($127/yr for 10 websites).

Click on the image to view enlarged

As of Sep 1, 2022, here are some of the security update ‘panels’ reported in the plugin dashboard.

Brute Force Bots – Brute Force bots scour the internet looking for WordPress logins to attack. Once these bots land on a login page, they will try the simplest form of gaining access to a site: by trying to guess usernames and passwords, over and over again, until they’re successful. WordPress doesn’t track any user login activity so there isn’t anything built into WordPress natively to protect a website from a brute force attack. iThemes Security Pro works to secure and protect the most attacked part of your website, the WordPress login, by blocking these automated attacks.

These are the results of blocking the brute force attacks. Think of these as bad actors who were prevented from accessing the website.

iThemes Security checks your site for known vulnerabilities to alert you to potential problems before hackers can find them. We partner with expert security researchers at WPScan that curate a database of over 30,000 vulnerabilities so you’ll always be the first to know, and the first to take action.
Integrated with Google Safe Browsing API, the Site Scan feature also scans your website to make sure your website isn’t on Google’s blocklist due to malware or phishing. And if Google has flagged your website as infected with malware, Site Scan sends you an email alert letting you know immediately so you can take action fast to clean up your site.

Here a scan reported a vulnerable plugin. That plugin was not being used so it was deleted.