Defending Against a WordPress Brute Force Attack
Security experts are warning about a large botnet attacking WordPress sites, using brute force attempts to break passwords. It is important to note that WordPress is not insecure. It is, however, a big target with a massive number of sites installed, many of which were installed by morons who use things like “God123” as their password. Do yourself a favor and protect your WordPress site from brute force attacks: hire a professional to install it, or at least to run a security audit on it. If your site is hacked, email me and I can help you get it back. Here is a list of things you can do right now to keep your site safe.
- Install the Limit Login Attempts plugin to limit attempts to access the admin area – this may not stop it cold, as some reports have the current attack using over 90k IP addresses. Still, this is worthwhile. http://wordpress.org/extend/plugins/limit-login-attempts/
- Change your password (and ALL passwords for your site) to something that uses at least 8 characters, including numbers, symbols and uppercase letters.
- Do not use “Admin” as your user name. If you do, set up a new administrator account and delete the admin user.
- You can add a second layer of security by setting up an .htaccess password. Instructions here.
If you can’t do this, then please contact me and I can do it for you.
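The caveat on the first item, as an added example that is not part of the original post: when attempts are spread over tens of thousands of addresses, a per-IP limit sees each source only once or twice, so a site-wide count of login POSTs per time window is the signal to watch. The thresholds, the window length and the sample log lines below are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Leading fields of the Apache/Nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)'
)

PER_IP_LIMIT = 4      # assumed per-IP threshold, as a login limiter would apply
SITE_LIMIT = 20       # assumed site-wide login POSTs tolerated per window
WINDOW_SECONDS = 300  # assumed window length (5 minutes)


def login_posts(lines):
    """Yield (ip, epoch_seconds) for every POST to wp-login.php."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?")[0].endswith("/wp-login.php"):
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield m["ip"], int(ts.timestamp())


def analyze(lines):
    """Return (IPs over the per-IP limit, {window_start: count} over the site limit)."""
    per_ip, per_window = Counter(), Counter()
    for ip, epoch in login_posts(lines):
        window = epoch - epoch % WINDOW_SECONDS
        per_ip[(ip, window)] += 1
        per_window[window] += 1
    noisy_ips = sorted({ip for (ip, _), n in per_ip.items() if n > PER_IP_LIMIT})
    hot_windows = {w: n for w, n in per_window.items() if n > SITE_LIMIT}
    return noisy_ips, hot_windows


def sample_log():
    """Constructed sample: 60 sources with one attempt each, then one source with six."""
    def entry(ip, second):
        return (f'{ip} - - [12/Apr/2013:10:00:{second:02d} +0000] '
                '"POST /wp-login.php HTTP/1.1" 200 3811 "-" "Mozilla/5.0"')
    lines = [entry(f"203.0.113.{i + 1}", i) for i in range(60)]  # documentation range
    lines += [entry("198.51.100.7", s) for s in range(6)]        # documentation range
    return lines


if __name__ == "__main__":
    noisy, hot = analyze(sample_log())
    print("over per-IP limit:", noisy)
    print("windows over site limit:", hot)
```

On the sample, the per-IP check flags only the single noisy address, while the site-wide count exposes the whole burst, including the 60 sources that never came near the per-IP limit.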
One thought on “Defending Against a WordPress Brute Force Attack”
Great advice for all user IDs and passwords, not just WordPress. You never know what will be attacked next or where it will come from. Practice “Safe Computing” people!!!!