How To Secure A WordPress Blog
The most common attack used by hackers on WordPress is the “Brute Force Attack.” Watch the video (caution, the opening and closing music is LOUD!) and discover an easy way to prevent this. Be sure to look after the post for something important…
http://uploadwp.com/securing-your-wordpress-site/ In this UploadWP.com tutorial we’ll show you a free plugin that helps eliminate the threat of brute force a…
WordPress security is a subject that never excites people, unless, that is, they have had a blog hacked. I have personally had hackers try to hack into a blog that was less than 8 hours old at the time! I know this because, having seen firsthand what a hacker can do to a WordPress installation, I always secure every site as soon as the install is finished. I’ll admit I was surprised to see someone try to hack a site with zero content. From the fact that I received no fewer than 5 lockout notifications within the space of two minutes, I know this was a pro.
The above example just goes to prove that hackers really don’t care what kind of WordPress blog they hack. They don’t look for the best content, or the most traffic. They simply use bots that prowl through server after server looking for one thing, and one thing only. WordPress installations!!
The vast majority of these attacks come in the form of “Brute Force” attacks. This is a common tactic for everything from cracking safe combinations and security codes to hacking into computers or any kind of web site.
So why do hackers look specifically for WordPress sites?
The answer to this question lies partly in the fact that the WordPress software creates the same default user name for every installation. We’ll get to the others in a moment.
This happens whether or not you choose your own user name during the installation process. You still get an “admin” user. Because WordPress is free Open Source Software, anyone can get ahold of the latest version and look for security vulnerabilities to exploit. Against WordPress, a brute force attack involves using a bot to keep trying different passwords along with a commonly known user name to try to log in to a blog. By default WordPress does nothing to limit the number of login attempts made with any user name.
So that’s one of the reasons why they don’t need to go to all that trouble…
You see, WordPress users don’t tend to be the most “Techy” people on the planet. Even many very experienced WordPress “Masters” never change their user name from the default “admin” to something unique. In fact, I once saw one of the original WordPress creators log in with that user name in a video! With the average user, the percentage is even larger. And hackers know that. It’s there to see for any person who wants to try their hand at hacking. As of early September of 2013 there are about 31,600,000 results for “How To Hack WordPress” listed on Google. That’s right, OVER 31 Million!!
By the way, the last time I had checked on that search term in late December of last year, there were “only” around 25 Million!
The plugin the author talks about in the video was created to prevent Brute Force attacks on WordPress. Login Security Solution is a single-purpose WordPress plugin. All it exists to do is prevent Brute Force attacks on your site. As plugins of this sort go, it does the job. There are plugins of the same type that offer more features, and some that offer less.
My big issue with this plugin is the fact that, as shown in the video, the number of attempts left is shown after each try.
That, in itself, is another security risk! Preferably you should show as little information as possible about your WordPress install. Every version of WordPress has little things that will tip off hackers to exactly what version you’re using. Most of these things come in the form of default announcements, behaviors and little quirks that display information no one really needs to see but you.
Because every security loophole in every WordPress version is publicly displayed on millions of sites across the Internet, you are simply helping a hacker gain access to your site faster by displaying too much information on your blog.
I use one of two other plugins that do the same thing, plus way more, to take care of limiting login attempts on every WordPress installation I create. The best known of the two is called Better WP Security. The virtually unknown one is called WordFence. Both of these are free WordPress plugins you can install directly from your WordPress admin by clicking the “Add new” link on the plugin page or from the dropdown selection that appears when you hover over the plugins item in the admin menu.
Not only do these plugins limit the number of login attempts, they also allow you to set the number of tries someone gets before their IP address gets banned. Both also help to hide many of the places within a WordPress installation that hackers look to try to find information on the version you’re running.
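To make the attempt-limit-then-ban idea concrete, here is an added example (not code from any of the plugins named in this post) that replays web server access-log lines and reports which IP addresses a "5 failures within 2 minutes" rule would ban, skipping an allowlisted owner address. The threshold, window, allowlist and sample log lines are all constructed assumptions; it relies on WordPress answering a failed wp-login.php POST with HTTP 200 and a successful one with a 302 redirect.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 5                 # assumed threshold before a ban
WINDOW = timedelta(minutes=2)    # assumed sliding window
ALLOWLIST = {"198.51.100.7"}     # assumed: the site owner's static IP
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def failed_logins(lines):
    """Yield (ip, time) for each failed login: a POST to wp-login.php answered
    with 200 (form re-rendered). A 302 means the login succeeded."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of crashing
        path = m["path"].split("?", 1)[0]
        if m["method"] == "POST" and path.endswith("/wp-login.php") and m["status"] == "200":
            yield m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")

def find_lockouts(lines, allowlist=ALLOWLIST):
    """Return {ip: time of ban} for IPs reaching MAX_FAILURES inside WINDOW."""
    recent, banned = defaultdict(deque), {}
    for ip, ts in failed_logins(lines):
        if ip in allowlist or ip in banned:
            continue  # never ban the owner; ignore traffic from banned IPs
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > WINDOW:   # drop failures older than the window
            window.popleft()
        if len(window) >= MAX_FAILURES:
            banned[ip] = ts
    return banned

def _line(ip, hhmmss, status=200):
    # Builds one constructed combined-log-format line (documentation-range IPs).
    return f'{ip} - - [05/Sep/2013:{hhmmss} +0000] "POST /wp-login.php HTTP/1.1" {status} 3921'

SAMPLE = (
    [_line("203.0.113.9", f"10:00:{s:02d}") for s in (1, 12, 23, 34, 45, 56)]  # fast bot
    + [_line("198.51.100.7", f"10:05:{s:02d}") for s in range(0, 60, 10)]      # owner mistyping
    + [_line("192.0.2.44", f"10:{m:02d}:00") for m in range(10, 40, 5)]        # one try per 5 min
    + [_line("192.0.2.80", "10:50:00"), _line("192.0.2.80", "10:50:09", 302)]  # typo, then success
)

if __name__ == "__main__":
    for ip, when in find_lockouts(SAMPLE).items():
        print(f"ban {ip} at {when:%H:%M:%S}")
```

The slow client at 192.0.2.44 never trips the rule, which is why a per-window attempt limit alone does not stop patient guessing and still needs a strong password and a non-default user name behind it.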
A word of caution before you consider using either one of these two plugins…
Don’t use the ban feature without whitelisting your own IP address first or you could get locked out or banned from your own site! If you have a “Dynamic” IP address don’t use this feature at all!!! A Dynamic IP address is when your ISP (Internet Service Provider) randomly assigns you a new IP address each time you log on to the Internet. This will cause you plenty of problems with almost any plugin that limits access to the WordPress admin by using IP addresses. There’s only one plugin that will do this task, and far more, while letting the user employ random IP addresses.
WP Padlock is my “Secret Weapon” against hackers.
All by itself, WP Padlock will make your WordPress blog all but unhackable…
But it’s NOT the ONLY security plugin I use. I won’t go into my reasons why, because that alone is the subject for several posts, not one! I’ve taken this several steps further. I have systematically covered ALL the bases for you. Every trick the hackers have, there’s an answer for. Every method of attack has a countermeasure in place.
A WordPress Site That Can’t Be Hacked!!
Want one for yourself…
Use The Link Below To Find Out How…