In early September, Dev4Press website started using a wide range of security tools from our own GD Security Toolbox Pro plugin for WordPress, and in this six month period a lot of security-related data was collected and analyzed.
GD Security Toolbox Pro is modular plugin built around core security events log system. All the modules (or addons) are connected to the log system to report problems and use logged information to determine repeat offenders and ban them. And, log system includes management for banned IP addresses that can ban any IP. And, over the period of 6 months, this system was tested under different conditions, and the security log from this period offers a very interesting overview of the various types of attempts to attack the website or deliver spam.
To show you how much security plugin improved server performance, here is the chart showing server CPU load and downtime for 6 month period before GD Security Toolbox Pro was used in full.
Antispam results
One of the most aggressive forms of malicious behavior is spam delivery. WordPress websites are great targets for this because they all have some sort of blog and comments. So, as the website popularity grows, so is the spam delivered. And, there are many plugins dealing with spam already, and until September 2016, Dev4Press was relying on Antispam Bee. And, while the Antispam Bee is indeed very effective in catching spam, it was doing nothing to prevent it. And that is exactly the problem with all other antispam plugins I have tried (including Akismet years back).
Simple comparison: in previous 6 months period (until September 2016), Antispam Bee plugin has caught around 60.000 spam messages. But, the large portion of these messages was delivered by a small number of spammers. The plugin was effective to catch spam, but it can’t do anything to prevent it. And, these 60.000 messages mean that server had to load WordPress 60.000 times for useless spam, and that is a pure waste of server resources.
Now, in the last 6 months with the use of GD Security Toolbox Pro, the plugin prevented all spam attempts, but in the end, it caught only 1.500 spam messages! But, any time a spam message is detected, IP trying to deliver it was banned, and it was no longer able to even attempt spam delivery because IP was stopped by .htaccess before the WordPress is loaded. This way, plugin saved a lot of server resources by denying spammers access to WordPress. So, instead of 60.000 attempts, plugin managed to completely prevent 58.500 spam attempts!
GD Security Toolbox Pro is logging the reason for each spam message, and the most spam comments were caught using a hidden field in the comment form, DNSBL database check, repeated spam, missing email filter and BBCode URL check.
And, now, based on the data collected over this period, GD Security Toolbox Pro Antispam addon is expanded with additional filters. In the next 6 months, these new filters will be put to the test, and I will report back how efficient they were.
Content Security Policy
Content Security Policy or CSP is a very useful method for preventing some forms of attacks, including cross-site scripting or data injections. GGD Security Toolbox Pro includes CSP support, and over the past 6 months, CSP is used on Dev4Press. It took some time to configure properly and to include all the rules needed, and over this period, the plugin has logged close to 5.000 CSP violation reports. Some reports were related to the incomplete configuration (missing domains mostly), but when that is removed, there are many users and visits tracking systems prevented from loading. These trackers are usually part of the browser extensions that in many cases are gathering information about user activity. CSP will stop all such attempts, but it is interesting to see how many users have spyware inside browser usually hidden inside extensions without their knowledge.
Username Traps
One of the best methods to trap attackers is to trap them when they try to use the username that they can’t have. The plugin allows you to define the list of usernames that are not registered on your website, and when anyone tries to login with the username on the list, that user will be trapped and banned. So, if you don’t have username ‘admin’ (and you should never have that), or ‘webmaster’, with Username Trap active, the plugin will be able to trap and ban anyone attempting to log in using banned usernames.
GD Security Toolbox Pro has trapped 963 IP addresses over the period of 6 months using this method, all trying to login using ‘admin’ username. Most of the IP’s banned were also found as malicious in the DNS-BL databases. There is no way of knowing how many more login attempts were preventing by banning attackers after the first attempt.
DNS-BL Detections
GD Security Toolbox Pro uses Project Honeypot and Tornevall DNSBL to detect spammers or other malicious sources, and over the period of 6 months, this method banned 986 IP addresses, most of them were marked as spammers. That was also a very effective method to prevent a large number of spam messages to be delivered.
Overall Protection Results
So, over the past 6 months, GD Security Toolbox Pro was working full time to protect Dev4Press website. And, with tens of thousands spam requests prevented and countless attacks from malicious sources, server load and downtime were drastically lowered.
Average server load dropped from average 33% to 8%, and downtime from 65 minutes each month, to just under 4 minutes each month. This again proves that security is essential for improving server performance and that preventing spam (not just catching it) is a must do for any website.
All these results are a combination of various security related tools, from many tools for hardening .htaccess, to effective Antispam scan and prevention through banning spammers and tools to trap malicious attackers. There is no perfect solution to any security issue, and I will continue to work on expanding and improving GD Security Toolbox Pro, and it will continue to be tested first hand on Dev4Press website. In the current state, the plugin is intended as proactive protection, and over time, more tools will be added. If you have any questions, check out plugin features page, and contact me if you have additional questions.
