With WordPress becoming more and more widespread, attackers keep coming up with new ways to compromise sites and put them to malicious use, most often to host phishing pages or send spam.
It is important to protect your site from these attacks so that you do not become an unwitting participant in a spam campaign or phishing operation.
Brute force attacks on WordPress sites have recently become prevalent, but they are easy to prevent with a few simple changes to how you deploy your WordPress installs.
Unlike attacks that target vulnerabilities in the software itself, a brute force attack exploits weak credentials: it repeatedly submits login attempts using commonly chosen usernames (such as "admin") and commonly chosen passwords until a combination works.
To protect your WordPress installation, the first step is to use a non-obvious administrator username and a strong password. If your username is currently "admin", you should change this immediately: create a new WordPress administrator account, transfer all posts from "admin" to that account, then delete the "admin" user or demote it to a subscriber. Passwords are easily guessed when they are dictionary words, digits only, or short. See this article for more information on how to set a strong password.
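The account replacement described above, carried out with WordPress's own user API rather than by hand in the dashboard. This is an added example, not code from the original page or from any plugin; it assumes a single-site (non-multisite) install, a backup taken first, and that it is run inside WordPress, for instance with WP-CLI as `wp eval-file replace-admin.php`. The new login and e-mail address are placeholders to change.

```php
<?php
// Added example: replace the default "admin" account on a single-site
// WordPress install. Run from inside WordPress (e.g. `wp eval-file`),
// after taking a backup. wp_delete_user() lives in an admin include.
require_once ABSPATH . 'wp-admin/includes/user.php';

$newLogin = 'site-owner-7h2k';      // assumption: choose your own non-obvious login
$newEmail = 'owner@example.com';    // assumption: the new administrator's address
$password = wp_generate_password(24, true, true); // 24 chars, symbols included

$old = get_user_by('login', 'admin');
if (!$old) {
    exit("No user named 'admin' found; nothing to do.\n");
}
if (get_user_by('login', $newLogin)) {
    exit("User {$newLogin} already exists; choose another login.\n");
}

$newId = wp_insert_user([
    'user_login' => $newLogin,
    'user_pass'  => $password,
    'user_email' => $newEmail,
    'role'       => 'administrator',
]);
if (is_wp_error($newId)) {
    exit('Could not create user: ' . $newId->get_error_message() . "\n");
}

// The second argument reassigns every post owned by "admin" to the new
// account. Without it, wp_delete_user() deletes those posts along with the user.
if (!wp_delete_user($old->ID, $newId)) {
    exit("Deleting 'admin' failed; its posts were not touched.\n");
}

// If you prefer to keep the account rather than delete it, demote it instead:
// $old->set_role('subscriber');

echo "Created {$newLogin} (ID {$newId}) and removed 'admin'.\n";
echo "Store this password in a password manager now: {$password}\n";
```

Log out of any open "admin" sessions before running this, and confirm afterwards in Users that the post count next to the new account matches what "admin" had.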
The second step is to stop attackers from testing username and password combinations indefinitely: lock a client out after a handful of failed logins, and require a second factor so that a guessed password alone is not enough to get in.
Two great plugins for this are:
-Limit Login Attempts: http://wordpress.org/plugins/limit-login-attempts/
-Two-factor authentication using Google Authenticator: http://wordpress.org/plugins/google-authenticator/
Both plugins are free and highly rated.
We strongly recommend installing at least one of them, and ideally both.
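To show what "limiting login attempts" actually does, here is a small per-client login throttle of the kind the Limit Login Attempts plugin implements. It is an added example, not the plugin's code or anything from the original page. The `LoginThrottle` class, its parameters, the sample IP addresses and timestamps are all constructed for the demonstration; the storage backend is injected so the same class runs stand-alone with an in-memory array (the demo at the bottom) or inside WordPress backed by transients (the `add_filter` section, which only activates when WordPress has loaded the file as a plugin).

```php
<?php
declare(strict_types=1);

// Added example: per-IP login throttle. Not the Limit Login Attempts plugin's code.
final class LoginThrottle
{
    private $load;   // callable(string $key): ?array
    private $save;   // callable(string $key, array $state, int $ttl): void
    private int $maxAttempts;
    private int $lockoutSeconds; // also used as the window in which failures are counted

    public function __construct(int $maxAttempts, int $lockoutSeconds, callable $load, callable $save)
    {
        $this->maxAttempts    = $maxAttempts;
        $this->lockoutSeconds = $lockoutSeconds;
        $this->load           = $load;
        $this->save           = $save;
    }

    private function key(string $ip): string
    {
        // Hashed so the storage key is fixed-length and safe for any backend
        return 'login_throttle_' . hash('sha256', $ip);
    }

    public function isLocked(string $ip, int $now): bool
    {
        $state = ($this->load)($this->key($ip));
        return is_array($state) && ($state['until'] ?? 0) > $now;
    }

    // Records one failed login; returns the number of attempts left before lockout.
    public function recordFailure(string $ip, int $now): int
    {
        $key   = $this->key($ip);
        $state = ($this->load)($key);
        if (is_array($state) && ($state['until'] ?? 0) > $now) {
            return 0; // already locked out: attempts during the lockout must not reset it
        }
        if (!is_array($state) || $now - ($state['first'] ?? 0) > $this->lockoutSeconds) {
            $state = ['count' => 0, 'first' => $now, 'until' => 0]; // window expired: start over
        }
        $state['count']++;
        if ($state['count'] >= $this->maxAttempts) {
            $state['until'] = $now + $this->lockoutSeconds;
        }
        ($this->save)($key, $state, $this->lockoutSeconds);
        return max(0, $this->maxAttempts - $state['count']);
    }

    public function recordSuccess(string $ip): void
    {
        ($this->save)($this->key($ip), ['count' => 0, 'first' => 0, 'until' => 0], 1);
    }
}

if (function_exists('add_filter')) {
    // Inside WordPress: persist state in transients so it survives across requests.
    $wpThrottle = new LoginThrottle(
        5, 900,
        function (string $k) { $v = get_transient($k); return is_array($v) ? $v : null; },
        function (string $k, array $v, int $ttl) { set_transient($k, $v, $ttl); }
    );
    // Assumption: the web server sees the real client address. Behind a reverse
    // proxy you must take the address from the proxy's trusted header instead.
    $clientIp = $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0';
    // Priority 30 runs after core's username/password check (priority 20).
    add_filter('authenticate', function ($user, $username, $password) use ($wpThrottle, $clientIp) {
        if ($wpThrottle->isLocked($clientIp, time())) {
            return new WP_Error('too_many_attempts', 'Too many failed login attempts; try again later.');
        }
        return $user;
    }, 30, 3);
    add_action('wp_login_failed', function ($username) use ($wpThrottle, $clientIp) {
        $wpThrottle->recordFailure($clientIp, time());
    });
    add_action('wp_login', function ($login) use ($wpThrottle, $clientIp) {
        $wpThrottle->recordSuccess($clientIp);
    });
} else {
    // Stand-alone demo with constructed addresses and timestamps (in-memory store).
    $memory   = [];
    $throttle = new LoginThrottle(
        5, 900,
        function (string $k) use (&$memory) { return $memory[$k] ?? null; },
        function (string $k, array $v, int $ttl) use (&$memory) { $memory[$k] = $v; }
    );
    $t = 1000000;
    for ($i = 1; $i <= 5; $i++) {
        printf("attempt %d from 203.0.113.7: %d attempts left\n", $i, $throttle->recordFailure('203.0.113.7', $t + $i));
    }
    var_dump($throttle->isLocked('203.0.113.7', $t + 6));        // locked after the 5th failure
    var_dump($throttle->isLocked('198.51.100.9', $t + 6));       // a different client is unaffected
    var_dump($throttle->isLocked('203.0.113.7', $t + 6 + 900));  // lock has expired
}
```

Two details matter in practice. The throttle must not reset its counter when a locked-out client keeps trying, otherwise the lockout cancels itself; and keying on the client address only slows down a single source, so a distributed attack across many addresses still gets `maxAttempts` guesses per address, which is why the second factor from the Google Authenticator plugin is recommended alongside it.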