Update to Protect WordPress for 2016
Here’s a couple updates to keep this post up with the times!
In general for site security our top three services to help with this include:
- WordFence (has both a free plugin and a premium service)
- Cloudflare (free and premium offer as well and can be used with the two above) <- Can’t recommend Cloudflare enough for other reasons too!
Brett Bumeter and Warren Whitlock’s talk about recent WordPress login hacker attack concerns. They specifically talk about how one can protect their Word Press website from hackers and login attacks.
Warren mentions how the default usernames for many of the Word Press websites is “admin” and that increases the potential risks of being hacked. Brett provides guidelines and suggestions about certain services and tricks a user should implement to avoid such login attacks.
Brett gives a brief background on how a hacker works using different IP addresses, various password cracking tools, automated scripts and timing his or her login attempts to go through the protection. Hackers know which websites are more vulnerable and thus target those frequently. He also indicates how commonly adding only the /wp-admin can enable a hacker to enter your website.
Some of the tips that Brett suggests a user should follow in order to avoid such hacking attacks are –
- Adding a plugin to enable login lockdown, which essentially limits the number of times a login attempt can be made
- Adding several layers of protection by using external services like Cloudflare which is connected to United Nations’ project Honeypot which can identify hackers and what they are trying to do
- Setting up the Word Press account with a different username other than the default “admin”
- Creating a strong password by using upper and lower case alphabets, numbers and special characters
- Managing the website through regular backups of databases, wordpress site and installations through c-panel or services like Sucuri which can keep your site protected and get you back up and running if you are attacked
- Most importantly – acting fast when one feels the website is being hacked
Brett also goes on to mention the important of contacting your hosting company if one gets notifications of suspect login attempts being made on the website. Immediately changing a password is also a good idea. He concludes by mentioning how hackers understand when they are being blocked and always try to develop a work around to penetrate the security.