I was working on a client’s WordPress website yesterday when the site was suddenly subjected to an aggressive hacking attack.
The login page was bombarded by attempts to find the login name and password from IP addresses all over the world. As soon as I blocked an IP address another sprang up.
They failed ….. this time!
I wanted to share some thoughts about this episode and have compiled 4 essential security measures for your WordPress website:
- The attackers were trying common usernames such as admin, administrator, root and anything to do with the domain name. Please ensure you have a unique user name. And an unguessable password comprising of letters, numbers and characters.
- Make sure you have a good security plugin on your website. There are lots of free versions out there – call me (01570 434705) if you want some further advice.
- Security plugins usually come with a facility to limit login attempts. This is essential. At the very least use the Limit Login Attempts plugin which now comes bundled with WordPress.
- Ensure your website is backed up regularly just in case they do break in and you need to take down and replace your website.
If you make access to your website difficult, hackers will often go off to easier pickings and leave you alone. If you would like a FREE REVIEW of your security measures, email me or call (01570 434705). I am happy to help…