WordPress is a very popular blogging platform, and it is also prone to brute force attacks. Blog administrators sometimes focus on SEO and other optimizations but forget about security. These security lapses leave the blog exposed to hackers.
Every blog administrator should give high priority to WordPress security by following the security guidelines.
What is a Brute Force Attack?
A brute force attack is an approach of repeatedly guessing the username and password. Unfortunately, most WordPress users keep the default username admin, which leaves a hacker with only the password to guess.
Preventing Brute Force Attacks on a WordPress Blog
- First of all, create a username other than the default “admin.” Go to Users and then Add New, and make sure to select Administrator as the Role in the drop-down box below. Then log in with the new username and delete the default username “admin.” Before deleting the old username, be sure to assign all of its posts to the new one.
- WordPress has a huge repository of plugins, so use a security plugin to counter brute force attacks.
- Set a strong password, which must be a combination of letters (both upper and lower case), numbers and special characters (#, *, &, $, etc.).
Plugins to Counter Brute Force Attacks
- Limit Login Attempts: This plugin will block the user after he/she enters wrong details more than once or twice.
- Google Authenticator: This plugin provides two-factor authentication using the Google Authenticator app for Android/iPhone/BlackBerry.
- Wordfence: It is a free plugin with enterprise-level security. It has a firewall, anti-virus scanning and malicious URL scanning.
- Better WP Security: This is also a quality plugin which is free and can be used to limit login attempts and secure many other things. For more details about Better WP Security, read this article, Improve WordPress Security using Better WP Security plugin.
Using the above steps will ensure maximum security against brute force attacks. But the worst can always happen, so take regular backups of your WordPress blog. If something bad happens, you can always restore the previous state from your backups.