I woke up this morning to nerdy news all over that a brute force attack targeting WordPress sites is currently in progress.
A brute force attack is where hackers use software to try to “guess” your password.
So the quickest and easiest thing you can do to protect your site from the bullies is:
1. Make sure your WordPress password is complex.
Use a combination of letters and numbers. Don’t use dictionary words. LOTS of people use a zero for an “o” and a one for an “i”, so mix up your letters, numbers and special characters. You can change your password in Dashboard > Users > All Users > Edit.
2. Delete any users that don’t need access to your site
(like tech people you no longer use)
3. Limit the number of login attempts on your site.
You can use this plugin, http://wordpress.org/extend/plugins/limit-login-attempts/, which only takes a minute to install and set up. Since the “attack” is brute force / trial and error, this can be very effective.
4. Use a security plugin
Something like this: http://wordpress.org/extend/plugins/better-wp-security/
5. Manually password protect the “wp-login.php” file
Step by step instructions are here: http://support.hostgator.com/articles/specialized-help/technical/wordpress/wordpress-login-brute-force-attack
And just in case, always make sure your site is backed up.
Hosting companies are blocking access as quickly as they can, but you can help protect your own site as well.
For more info, check out WordPress’s Codex: http://codex.wordpress.org/Hardening_WordPress
Please share this post with your friends. They really need to know this. There is a lot more you can do and a lot of great plugins. If you have any tips or favourite tools, please share them in the comments.
EDIT: I forgot a couple of basics in my rush to get this info out to you.
A. Make sure your WordPress install, plugins and themes are all up to date.
B. Don’t use “admin” for your user name. (You can’t change it as such, but you CAN create a new admin user and then delete the old one.)
I’m sure there are more – comment below!