Protect Your WordPress Site from Attacks

A website is a valuable asset in this day and age, and anything that’s valuable will have people who want to take it, exploit it, or destroy it. There are many ways to attempt to damage or gain access to a website, but the most common way is to try a brute force attack on the login page.

What Is a Brute Force Attack?

A brute force attack is so named because of the lack of finesse required. Essentially, brute force is when a hacker tries all possible combinations of password and login to try to find a way in. However, brute force attacks are relatively easy to foil. Here’s how.

1. Limit Login Attempts

One of the biggest vulnerabilities of WordPress is that is does not limit login attempts by default. You can fix this, though, but installing a plugin that does limit login attempts, and set it to a reasonable number like 3 or 5. Hackers will generally move on to easier prey.

2. Delete the Admin Login from your site

Default settings are where a lot of weaknesses occur, because people rarely comb through all the default settings to make sure there aren’t any problems. The whole point of default settings is to reduce the problems.

However, an Admin login is a well known weakness, particularly because people often make personal logins and passwords without ever changing the admin password — or simply changing it to another obvious password, like qwerty. What this does is give hackers a shortcut. If they don’t care whose website they break into, they can shorten their scripts to only try to hack common logins and password combinations. Statistically, they’re still going to find a lot of holes. Make sure your website isn’t one of them and delete all default logins.

3. Strengthen Your Passwords and Change Them Regularly

There are many ways to assess the strength of your password, so we won’t go into them here. You can also use a service like LastPass, which is helpful for the second half of this advice, which is to change your passwords often. People generally don’t follow this advice because they are afraid they’ll forget their passwords. However, not only do people not change their passwords, they use the same one in multiple places, again because they don’t want to forget them, so if this sounds like you, do yourself a favor and get a password manager like Lastpass.

Brute force attacks are among the most costly and embarrassing security threats, but they are also one of the easiest to avoid. Follow these best practices to avoid winding up a statistic. Our Digital Marketing Agency also uses wordpress for their clients and we help them to ensure the safety of their websites.