If you have a WordPress blog, or want to create one for your freelance business, there is one thing that you must do today… and that is to protect it against brute force attacks.
This is my first tutorial on Steemit, please let me know in the comments if you would like more of these.
Protect your WordPress Blog Against a Brute Force Attack!
What is a Brute Force Attack?
A brute force attack consists of trying to log in to your WordPress blog from the login page using combinations of usernames and passwords. Hackers do not do it manually, but use bots to hammer your site until they can enter it.
The blog can receive a thousand login attempts in a very short time, repeatedly, every day, over a month.
These are the attacks I have on my blog at the moment.
As you can see, hackers have been busy on my blog.
It is protected and I will show you how to do it easily with a single WordPress plugin.
This is the email I receive when the blog is under attack.
All the important information you need to know about the attack is circled in red.
Let’s now see what the hackers have tried as usernames, through guessing and research.
- admin: that’s the most used username (never use it yourself).
- Naiyanan: My wife’s first name, they get that from the WHOIS record.
- Meme: That’s a Facebook app to post updates.
- cutecoolkids: used in social media profiles.
- www DOT cutecoolkids DOT com: that’s the URL.
All the usernames they have tried can be found publicly by researching the site on Google, so don’t use any username that is related to you.
Also, don’t forget to use a long password containing lower and upper case letters, numbers and special characters.
It is important to limit the number of attempts hackers can make and also kick them out of the dashboard in the event they succeed.
You certainly do not want thousands of automated login attempts to slow down your blog or crash the server.
For each round of attacks hackers use a different IP address, so it's useless to block them, as some plugins suggest.
The easiest plugin to use and the most effective is called “Login Security Solution”.
After you have installed it, go to the “Settings” menu to locate the plugin’s setting page.
If you just use what is set by default you will be very well protected.
“Delay Tier 2” is where you enter your login limit. By default it is 5, but if you want to use 3, you can. Remember that you yourself will then have only 3 attempts to log in to your WordPress blog.
The plugin slows down response times after 5 failed logins, to between 4 and 30 seconds, and then after 10 failed attempts the delay becomes 25 to 60 seconds.
It makes it very hard for hackers using software to get into your site as they are quickly limited to one attempt per minute.
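To put numbers on those delay tiers, here is an added example (not the plugin's own code) that totals the delay a run of failed logins would face, and compares a failure counter tied to the username with one tied to the source IP address. The counting rules, the function names and the sample attempts are assumptions made for illustration; only the thresholds and delay ranges come from the text above.

```python
from collections import defaultdict

# Delay tiers from the article: (failures so far, (min_s, max_s)).
TIERS = [(10, (25, 60)), (5, (4, 30))]

def delay_range(prior_failures):
    """Delay window in seconds applied to the next login response."""
    for threshold, window in TIERS:
        if prior_failures >= threshold:
            return window
    return (0, 0)

def total_delay_bounds(attempts, key):
    """Sum the shortest and longest possible delay over failed attempts.

    attempts: list of (username, ip) tuples, all failed logins.
    key: function choosing what the failure counter is tied to.
    """
    counts = defaultdict(int)
    low = high = 0
    for attempt in attempts:
        k = key(attempt)
        lo, hi = delay_range(counts[k])
        low += lo
        high += hi
        counts[k] += 1
    return low, high

def by_username(attempt):
    return attempt[0]

def by_ip(attempt):
    return attempt[1]

# Constructed sample: 1000 failed logins for "admin" arriving from 250
# addresses in the 203.0.113.0/24 documentation range (4 per address).
SAMPLE = [("admin", f"203.0.113.{i % 250 + 1}") for i in range(1000)]

if __name__ == "__main__":
    for name, key in (("per username", by_username), ("per IP", by_ip)):
        low, high = total_delay_bounds(SAMPLE, key)
        print(f"{name}: {low / 3600:.1f} to {high / 3600:.1f} hours of delay")
```

Counted per username, the 1000 attempts are held back for roughly 7 to 16.5 hours in total; counted per IP address, no address ever reaches the first tier and no delay is applied at all.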
If the hackers do finally get into your site, they will be logged out immediately with this plugin.
You might have attacks going on right now and you don’t even know it…
Install this plugin, change your username and password today, and you will not have to worry again about Brute Force Attacks.
Let me know if that helps and post your questions in the comments below.
If you feel this post is useful please upvote. Follow me for more of these tutorials.