While monitoring my WordPress dashboard, I discovered several suspicious activities in the comment section. These were not just spam; they were automated script injection attempts aimed at compromising my server’s admin privileges.

Step 1: Technical Breakdown
The attackers attempted to abuse the WordPress REST API. They targeted the /users endpoint of the WP API, trying to create a new user with the role of ‘administrator’. Their goal would be gaining full control over my website by creating a backdoor account.
Step 2: My Defense Strategy
To protect my site from these bot threats, I took the following steps:
- Strict Comment Moderation: I enabled the “Comment must be manually approved” setting to prevent any malicious scripts from appearing on the front end. Settings -> Discussion -> Before a comment appears

- Security Plugin (AIOS): I configured the All In One Security (AIOS) plugin to detect and hide the REST API from spam users. AIOS -> Spam prevention -> Comment spam

- Database Monitoring: Since these bots can overwhelm the server with requests, I am now closely monitoring my MariaDB status and CPU usage on AWS.
Lesson Learned
If you run a self-hosted site on AWS, security is not optional. Bots are constantly scanning for vulnerabilities. Keep your plugins updated and always check your logs!
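As an added example (not part of the original post), here is a small Python script that scans web-server access-log lines for requests to the REST users endpoint described above, in both its pretty-permalink form and its rest_route query form, and separates creation attempts (POST) from successful enumeration (GET returning 200). The log lines are constructed samples, and the combined-log-format regex is an assumption about how the server writes its access log.

```python
import re

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [12/May/2024:10:01:02 +0000] "POST /wp-json/wp/v2/users HTTP/1.1" 401 63 "-" "python-requests/2.31"
203.0.113.10 - - [12/May/2024:10:01:03 +0000] "POST /wp-json/wp/v2/users HTTP/1.1" 401 63 "-" "python-requests/2.31"
198.51.100.7 - - [12/May/2024:10:02:15 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [12/May/2024:10:02:40 +0000] "GET /?rest_route=/wp/v2/users HTTP/1.1" 200 812 "-" "python-requests/2.31"
192.0.2.55 - - [12/May/2024:10:03:01 +0000] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Assumed Apache/nginx "combined" format: ip ident user [ts] "METHOD path proto" status bytes "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"'
)

# Both URL forms that reach the WP REST users controller: pretty permalink and rest_route query.
USERS_ENDPOINT_RE = re.compile(r'(?:/wp-json/wp/v2/users|rest_route=/wp/v2/users)')


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match the format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_user_endpoint_hits(log_text):
    """Return parsed entries whose path touches the /wp/v2/users REST endpoint."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and USERS_ENDPOINT_RE.search(entry["path"]):
            hits.append(entry)
    return hits


def summarize(hits):
    """Count events per source IP: POST = attempted user creation,
    GET with 200 = user enumeration (the endpoint is still publicly exposed)."""
    summary = {}
    for entry in hits:
        s = summary.setdefault(entry["ip"], {"create_attempts": 0, "enumeration": 0})
        if entry["method"] == "POST":
            s["create_attempts"] += 1
        elif entry["method"] == "GET" and entry["status"] == "200":
            s["enumeration"] += 1
    return summary


if __name__ == "__main__":
    for ip, counts in summarize(find_user_endpoint_hits(SAMPLE_LOG)).items():
        print(ip, counts)
```

A non-zero enumeration count after hiding the REST API means the block is not taking effect for that URL form and the plugin setting should be rechecked.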