After my blog was hacked a few months ago, I have understandably become more security conscious about it.  One of the things I’ve done is install a few security plugins (most notably Wordfence Security).  Wordfence is an absolutely fantastic security plugin: it monitors the files in your site to make sure they don’t change unexpectedly, and, more importantly, it monitors login attempts (and other page requests on your site) for potentially harmful activity.

Over the past few weeks a global brute force attack has been targeting WordPress installations.  I first found out about it because Wordfence started notifying me that there were more failed login attempts than usual.

Protect yourself and your blog with the following crucial steps:

  1. Don’t use “admin”:
    • If you have a user named “admin” on your WordPress installation, get rid of it!  If it is your only admin user, create a new one, log out of “admin,” log back in as your new admin user, and then delete the user named “admin.”  The brute force attack is trying thousands of passwords against the user named “admin.”
  2. Use a good password:
    • Please don’t use “password” or “admin” or “god” or your birthday, pet’s name, or any other easily guessed password.  Use a good password.  The brute force attack is trying both a list of the top 10,000 passwords and a dictionary attack of random words.  Protect yourself: don’t use a password that is easily broken!
  3. Use a security plugin to prevent login attempts:
    • As I mentioned above, I use Wordfence Security by Mark Maunder.  This plugin is fantastic.  Not only can you set it up to lock people out if they fail to log in a certain number of times, but you can configure it so that if they try a username you don’t have (like “admin,” because you followed step 1) it will lock them out immediately.
    • It will also notify you when it has locked someone out, and it can notify you if someone successfully logs in.  This way you have a warning if someone does manage to break through your secure password.
    • It also monitors the files on your WordPress installation and notifies you if any of the files in your themes and plugins unexpectedly change.  This is a great plugin and I highly recommend it.
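To make the lockout policy in steps 1 and 3 concrete, here is an added example (my own illustration, not Wordfence’s code or anything from the original post) that models what a login-protection plugin sees on each attempt: the client IP, the submitted username, and whether WordPress accepted the password.  The rules, thresholds, the set of valid users, and the sample attempt stream are all assumptions constructed for the example.  An attempt against a username that does not exist (such as “admin”) locks the IP immediately; a real username locks after a set number of failures; successful logins and lockouts are recorded as notifications.

```python
"""Login lockout policy modelled on steps 1-3 of the post.

Constructed example: the rules, thresholds, users and event stream are
assumptions for illustration, not the behaviour of any real plugin.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Usernames that actually exist on this hypothetical site.
# "admin" is deliberately absent, per step 1.
VALID_USERS = {"nick", "barbara"}

# Policy knobs, assumed for this example.
MAX_FAILURES = 5        # lock an IP after this many failed logins
LOCKOUT_SECONDS = 900   # how long a lock lasts (15 minutes)


@dataclass
class LoginGuard:
    valid_users: set
    max_failures: int = MAX_FAILURES
    lockout_seconds: int = LOCKOUT_SECONDS
    failures: dict = field(default_factory=lambda: defaultdict(int))
    locked_until: dict = field(default_factory=dict)
    notifications: list = field(default_factory=list)

    def is_locked(self, ip, now):
        """True while a lock on this IP is still in force."""
        return self.locked_until.get(ip, 0) > now

    def _lock(self, ip, now, reason):
        self.locked_until[ip] = now + self.lockout_seconds
        self.failures.pop(ip, None)
        self.notifications.append(f"LOCKOUT {ip}: {reason}")

    def attempt(self, ip, username, success, now):
        """Process one login attempt; return 'blocked', 'locked', 'failed' or 'ok'."""
        if self.is_locked(ip, now):
            return "blocked"            # dropped without consulting the password
        if success:
            self.failures.pop(ip, None)  # a good login resets the failure counter
            self.notifications.append(f"LOGIN {username} from {ip}")
            return "ok"
        if username not in self.valid_users:
            # Step 1 + step 3: nobody legitimate uses a username that does not exist
            self._lock(ip, now, f"tried nonexistent user {username!r}")
            return "locked"
        self.failures[ip] += 1
        if self.failures[ip] >= self.max_failures:
            self._lock(ip, now, f"{self.max_failures} failed logins")
            return "locked"
        return "failed"


# Constructed sample of attempts, as a login hook would observe them:
# (time in seconds, client IP, submitted username, password accepted?)
SAMPLE_EVENTS = [
    (0,    "198.51.100.7", "admin",   False),  # guessing "admin": locked at once
    (1,    "198.51.100.7", "admin",   False),  # already locked: dropped
    (2,    "203.0.113.9",  "nick",    False),  # wrong password, real user
    (3,    "203.0.113.9",  "nick",    False),
    (4,    "203.0.113.9",  "nick",    False),
    (5,    "203.0.113.9",  "nick",    False),
    (6,    "203.0.113.9",  "nick",    False),  # fifth failure: locked
    (7,    "203.0.113.9",  "nick",    True),   # right password, but still locked
    (10,   "192.0.2.44",   "barbara", True),   # legitimate login: owner notified
    (1000, "198.51.100.7", "admin",   False),  # lock expired; locks again
]


def run(events, valid_users=VALID_USERS):
    """Replay an event stream; return (decision per event, notifications)."""
    guard = LoginGuard(valid_users=set(valid_users))
    decisions = [guard.attempt(ip, user, ok, t) for t, ip, user, ok in events]
    return decisions, guard.notifications


if __name__ == "__main__":
    decisions, notes = run(SAMPLE_EVENTS)
    for event, decision in zip(SAMPLE_EVENTS, decisions):
        print(f"t={event[0]:>4} {event[1]:<14} {event[2]:<8} -> {decision}")
    print("\n".join(notes))
```

The instant lock on a nonexistent username is what makes step 1 pay off: once “admin” is gone, every attempt against it is an attacker by definition, so there is no reason to let them burn through a failure allowance.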

I hope this helps you secure your blog from this attack.

Battering Ram Image Credit: flickr.com/noii


Nick Moline

Nick is a Senior Software Engineer at Justia.com, a company that makes legal information freely available online. Besides his work, Nick is an avid enthusiast in areas of Technology, Science Fiction and Fantasy, Musical Theater, and everything Disney.

  • Excellent recommendation to use a plugin to secure the blog. Thanks for the info!
