WP Sifu Monthly Reports Explained

28 Jul 2017


Each day, at least 3 attempts were made to hack each of our clients’ WordPress website.

Starting this August, we will be sending out monthly reports to all our clients detailing work done on their website, together with amount of time spent. Plus, more importantly, how many security breach attempts we have helped prevented.

The report was designed to be easy to understand, yet a guide was necessary, so this is for our clients.

First of all, an example of the report, which will be sent via email:

“WordPress Version” Showing which version of WordPress your website is running on. You may click on the link next to it to view history of WordPress software released to date.

“Software Updates” You can expect to see at least one or two of these happening every month. These were either work done on updating WordPress version, plugins and themes. Even though WordPress has introduced self-update ability since few versions ago, we do not rely on it 100%. We actually spend time going through every site to make sure everything is in order. Because sh*t does happen.

“Security Alerts” Every time when someone or some bots tried to  compromise your website, our security systems will detect and lock them out if necessary. These are the times we have managed to lock them out.

“Fake admin logins” First subset of security alerts, which is most common. Every day, there were bots crawling around the internet, looking for websites running on WordPress, then these bots would attempt to login to your website by using different combination of usernames and passwords. Usually, they would start by using “admin”, because amazingly, majority of WordPress websites out there still left their default username as “admin”. Naturally this would be their first try. But in our case, we would straightaway consider anyone who tries to login as “admin” as attempt to hack. Because we would have changed your WordPress website default username to other than “admin”. This is how we can quickly determine if the logins were legitimate.

“Illegal files scanning” Second most common method employed by hack bots. These bots scan your website for files that are known as vulnerable. Once detected, the bots would launch second phase of attacks aiming only at the vulnerable files. Vulnerable files usually means outdated plugin files, or custom plugins that were poorly written. In our case, as soon as we detected someone or some bots trying to scan our files, we would immediately lock out their IP address for several minutes. If we continue to detect same IP address performing same files scanning, we would lock them out permanently. Here’s a fun fact: One of the most popular locations where these IP address belonged to is Turkey.

“Others” Some hacking attempts were not so commonly employed, we simply group them under this category. Such attempt actually includes someone physically trying to guess password. Though we have reasons to believe such attempt were actually made by website owners themselves who had happened to forget their own password. We played it safe by locking them out anyway as we know they would get in touch with us directly when they genuinely needed help with login.

“Content updates” Pretty self-explanatory. This usually refers to updating, adding or removing existing content. By content, it includes text, images, or file uploads.

“Design & development” More relevant to you if you are on Platinum Plan, we offer unlimited design tweaks, so these could be work involving design improvement, creating elements which were not previously there eg new functions, etc.

“Others” Sometimes, there were some works that we did for you which we couldn’t put under any of above categories, such as works that were not done directly to your website, for example, creating email newsletter, creating profile picture for your LinkedIn page, etc.

As you can see, there can be a lot of work done in the background which you may not be aware of (but now you are.) So the next time someone asks how come your website is running on WordPress but you never had problem, please tell them about us.