Defending Against a WordPress Brute Force Attack

Security experts are warning about a large botnet attacking WordPress sites using brute force attempts to break passwords.

It is important to note that WordPress is not insecure. It is a target for hackers due to the massive number of installed sites. Many of these are installed using “Admin” as the user, and with “password123” as the password. If you have that, there’s a reason you’ve been hacked.

Do yourself a favor, protect your WordPress site from brute force attacks – hire a professional to install it or at least to run a security audit on it. If your site is hacked, email me and I can try to fix it.

Here is a list of safety measures to protect you from a WordPress Brute Force Attack:

  • Install the plugin to Limit Attempts to Access Admin – this may not stop it cold, as some reports have the current attack using over 90k IP addresses.  Still, this is worthwhile. http://wordpress.org/extend/plugins/limit-login-attempts/
  • Change your password (and ALL passwords for your site) to something that uses at least 8 characters, including numbers, symbols and uppercase.
  • Do not use “Admin” as your user name.  If you do, set up a new administrator account and delete the admin user.
  • You can install a second layer of security by installing an htaccess password.  Instructions here.

If you can’t do this, then please contact me and I can do it for you.
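The point above about per-IP limits and a 90k-address botnet can be checked against your own access log. The script below is an added example, not part of the original post: it counts POSTs to wp-login.php per source address and per minute, and shows a distributed attempt staying under a per-IP limit while the site-wide rate gives it away. The combined log format, both thresholds and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Assumes Apache/Nginx "combined" format: ip, [timestamp], "METHOD path ..."
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)')
PER_IP_LIMIT = 4        # assumed lockout threshold of a per-IP limiter
PER_MINUTE_LIMIT = 20   # assumed site-wide ceiling on login POSTs per minute


def login_posts(lines):
    """Yield (minute, ip) for every POST to wp-login.php."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if m["path"].split("?", 1)[0].rstrip("/").endswith("wp-login.php"):
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield ts.replace(second=0), m["ip"]


def analyse(lines):
    """Return (IPs over the per-IP limit, minutes over the site-wide limit)."""
    per_ip = Counter()            # ip -> login POSTs in the whole log
    sources = defaultdict(set)    # minute -> distinct source IPs
    volume = Counter()            # minute -> login POSTs
    for minute, ip in login_posts(lines):
        per_ip[ip] += 1
        sources[minute].add(ip)
        volume[minute] += 1
    noisy_ips = sorted(ip for ip, n in per_ip.items() if n > PER_IP_LIMIT)
    hot_minutes = {
        minute.strftime("%Y-%m-%d %H:%M"): (n, len(sources[minute]))
        for minute, n in volume.items() if n > PER_MINUTE_LIMIT
    }
    return noisy_ips, hot_minutes


def sample_log():
    """Constructed sample: 60 login POSTs in one minute, 2 each from 30 addresses."""
    fmt = '{ip} - - [01/Jan/2024:10:15:{s:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 3012 "-" "-"'
    lines = [fmt.format(ip=f"203.0.113.{i % 30 + 1}", s=i) for i in range(60)]
    lines.append('198.51.100.7 - - [01/Jan/2024:10:15:30 +0000] "GET /wp-login.php HTTP/1.1" 200 2100 "-" "-"')
    return lines


if __name__ == "__main__":
    print(analyse(sample_log()))
```

On the sample, no address crosses the per-IP limit, yet the minute is flagged with 60 attempts from 30 sources, which is the case where a second layer in front of wp-login.php matters.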
