So, the past few days have been hectic. For web hosts and web admins, anyway. There has been a wave of global brute force attacks on WordPress and Joomla installations. When I first learned about it, I was a bit panicked because I have dozens of sites and I also take care of several dozen more for friends. All of them run WordPress.
When I checked my reseller hosting, I was informed that the host had temporarily disabled login pages for the majority of the sites. So I breathed a sigh of relief, and that’s when I started thinking rationally. I can’t help it when I hear something like this. Can you imagine several hacking attempts every second on a site? But I did realize my WordPress sites are not that vulnerable to brute force attacks, or at least not too vulnerable.
It’s really a must to be secure against these attacks, as I think they’re rather common now. How do you do that?
- First things first: don’t use commonly used usernames like “admin”, “administrator”, “test”, “root”… You can check out this very informative post on Brute Force Attack Myths or Reality. There you’ll see the commonly attempted usernames and passwords.
- Use a strong and long password: a combination of upper- and lowercase letters and special characters. I personally use passwords of more than 20 characters.
- Limit login attempts. Yes, this is effective, in that the server will block an IP address after several wrong logins from it. This can easily be achieved with a plugin like Limit Login Attempts or Better WP Security. I prefer Better WP Security, as it has a lot of security functions. Note that these plugins won’t secure the site 100%, but they will surely block attackers from exploiting commonly used routes for hacking.
- Hide the wp-admin page. Better WP Security has this functionality if you have enabled your permalinks. You can change the location of your login area to somewhere nobody else has any business knowing.
- Lastly, always be aware and contact your host if there is something weird. Ha!
It always pays to be vigilant and actively work to secure your sites. Don’t wait until it’s too late.