
Protect Yourself from an Unwanted WordPress Brute Force Hacking Party.

Discussion in 'Blogging' started by jeremonster, Dec 3, 2013.

  1. jeremonster

    jeremonster Regular Member

    What is up with so many people trying to hack my WordPress sites? I have always believed that a strong password is the key to not having your WordPress site hacked and replaced with some casino or Viagra crap (it happened to me in the early days). By default WordPress does not limit the number of attempts someone can make when trying to log in. This makes it very easy for a well-programmed "Bot" to go wild with login attempts.

    I have this one WordPress website that gets around 8,000 unique views a month and is targeted on entertainment. I noticed some serious traffic to my default install /WP-Admin. I installed a plugin that limits login attempts and then blocks the IPs for any amount of time that I choose. I was shocked that there were so many attempts to hack my site. I blocked 42 IPs on the first day. I really had no idea that so many attempts were made on my sites. So, I decided to share some WordPress security tips for the new guys or those like me who focus on other things.

    Simple steps to protect your WordPress site:

    1: Crazy Strong Password! There are some random password generators that you can use and modify. Don't use something simple!
    2: I am sure that everyone here already knows we should never leave the WordPress user name as "Admin", right?
    3: Change the location of your admin login so that it is not domain.com/wp-admin
    4: Back up your database regularly so that you have a restore point in the event you are hacked.
    5: Lock the write access to your files to limit any damage; this may not always make sense, but it can make sure your site is safe.
    6: Limit login attempts (a free plugin lets you manage how long the IPs are blocked and how many attempts they get).
    7: Stay updated with WordPress and plugins
    8: Pray that your hosting is secure and say seven Hail Marys.
    9: Research some good security plugins that you feel meet your needs and install them.
    10: No, Seriously... Change your Damn password!

    Hope this helps secure your blogs and sites until the next Google Algorithm removes us from the SERPs.
     
    • Thanks Thanks x 4
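
The attempt limiting described in the post above (count failed logins per IP, then block the IP for a chosen time), replayed over access-log lines as an added example; it is not code from the post or from any plugin. Assumptions: "combined" log format, the stock `/wp-login.php` path, a failed login answering 200 and a successful one 302, and the thresholds shown. The log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def find_lockouts(log_text, max_attempts=4,
                  window=timedelta(minutes=5), lockout=timedelta(minutes=20)):
    """Return (ip, time) for each moment an IP would have been locked out."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failed logins
    blocked_until = {}            # ip -> end of the current lockout
    lockouts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, method, path, status = m.groups()
        if method != "POST" or not path.split("?")[0].endswith("/wp-login.php"):
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if ip in blocked_until and when < blocked_until[ip]:
            continue              # still locked out: a limiter rejects this request
        if status != "200":       # assumed: 302 redirect means the login succeeded
            recent[ip].clear()
            continue
        attempts = recent[ip]
        attempts.append(when)
        while when - attempts[0] > window:
            attempts.popleft()    # forget failures older than the window
        if len(attempts) >= max_attempts:
            blocked_until[ip] = when + lockout
            lockouts.append((ip, when.isoformat()))
            attempts.clear()
    return lockouts

def _line(ip, hhmmss, status, method="POST"):
    # Builds one constructed log line (sample data, not real traffic).
    return (f'{ip} - - [03/Dec/2013:{hhmmss} +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 3521 "-" "-"')

SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", f"10:00:0{s}", 200) for s in range(1, 6)]   # rapid failures
    + [_line("198.51.100.20", "10:01:00", 200),                      # two typos,
       _line("198.51.100.20", "10:01:20", 200),                      # then a
       _line("198.51.100.20", "10:01:40", 302)]                      # successful login
    + [_line("192.0.2.44", f"10:{m}:00", 200) for m in ("02", "12", "22", "32")]
    + [_line("203.0.113.7", "10:02:00", 200, method="GET")]           # page view only
)

if __name__ == "__main__":
    for ip, when in find_lockouts(SAMPLE_LOG):
        print(f"lock out {ip} at {when}")
```

If the login URL has been moved as in tip 3, the path check has to match the new location instead.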
  2. elner

    elner BANNED

    Thank you. :D Thumbs up for this.
     
  3. aspe_heat

    aspe_heat Power Member

  4. bartosimpsonio

    bartosimpsonio Jr. VIP Premium Member

    Overall solid tips, thanks for sharing mate.
     
  5. jeremonster

    jeremonster Regular Member

    Does anyone know of any free WordPress Vulnerability Scanners?
     
  6. kindarthur

    kindarthur Jr. VIP

  7. Warlock8

    Warlock8 Registered Member

    Try Wordfence; it's a good security plugin for WordPress.
     
  8. jimmyisso

    jimmyisso Newbie

    I have been a victim of WordPress hackers before and let me tell you it is not fun. I agree with all of your mentions in the OP. I use RandPass to generate a 32-character super strong password. I also use BackupBuddy and WP DB backup plugins for regularly scheduled database backups. You should also change your admin account login information to a different user name and change your WordPress database table prefixes to something besides "wp_". There are several security plugins for WP that will do this for you automatically.

    My biggest mistake was not staying up-to-date with the latest versions of WordPress software. They update WP for a reason and oftentimes fix security holes that hackers like to exploit on innocent, ignorant bloggers.
     
  9. jeremonster

    jeremonster Regular Member

    RandPass is awesome and I also use that. Now I use a full sentence and my favorite year as my password. The longer the better I think when it comes to passwords. I also slacked off on not updating. These are the single most important things in WP Security! Strong Password and Updates.
     
  10. abdurrakib

    abdurrakib Junior Member

    8th step is the best step...xD

    Nice share. Thank you.
     
  11. TheUnborn

    TheUnborn Elite Member

    8 is the only step I'll follow, thanks OP