Two days back, when I logged into my website’s administration panel as usual and made my way to the visit log section, I was taken aback to see hundreds of 404 errors in the log, in the span of just a single night!
The URLs queried were very strange, clearly nonexistent, and it appeared that someone was systematically exploring my website for weaknesses and trying to get a backdoor entry. Corroborating this was the fact that all queries were from a single IP address – 184.108.40.206 – that apparently belongs to a Chinese ISP named “Beijing Bitone United Networks Technology Service” with its registered address in Chaoyang, Liaoning, China.
What worries me is that most of the URLs were direct calls to various PHP files in my WordPress installation folder. They didn’t just know my WordPress installation folder, they also knew what theme I was using and the list of files in that theme and their locations in the theme directory.
Thankfully, I’ve protected my website well with the following security plugins:
But you never know how much is enough when it comes to security! Do let me know if there are any other good security plugins I should install.