WordPress Hacking – Some Security Tips

I’d like to thank the hacker with a Ukrainian IP address who tried 10,001 times in 1 hour yesterday to hack into my blog – in the end, though, you did not succeed. There were a mere 20-30,000 other attempted hacks from a range of addresses; in all cases it was one particular page that was the target. As a result, here are some tips for other WordPress users on restricting hackers' access to your blog.

  1. Create a new admin account with a random, nonsensical login name and a password that is classed as strong. Your main admin account should not be called “admin” or anything similar.
  2. Ensure you have only one admin account and downgrade all others to a lower role such as author or contributor. Also change their passwords after completing this task.
  3. Install the “Limit Login Attempts” plugin – this prevents the 10,000 or so login attempts from occurring and will lock down the admin account if required.
  4. The admin user should not write content; all content should be written by one of the other classes of user.
  5. Install the Sucuri SiteCheck Scanner free plugin and scan your blog frequently for malware.
  6. If you host your blog yourself, you should probably also consider an SSL certificate to ensure logins are not sent unencrypted. Contact your hosting provider for more information. I am also not an expert on installing these.
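As an added example, not code from the original post or from any of the plugins named above, here is a small Python script that spots the kind of burst described at the top of the post: it counts POSTs to wp-login.php per source address in a sliding window over a web server's access log, which is what a login limiter does in real time. The log lines are constructed for the example, and the 20-attempts-in-5-minutes threshold is an assumption; on a real server you would feed it the access log instead.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" access-log format; only the fields we need are captured.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_line(line):
    """Return (ip, timestamp, method, path, status) or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return (m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT),
            m.group("method"), m.group("path").split("?")[0], int(m.group("status")))

def login_bursts(lines, threshold=20, window_seconds=300, login_path="/wp-login.php"):
    """Map each IP that POSTs to the login page at least `threshold` times within any
    `window_seconds` span to its peak count. Lines may arrive out of order."""
    per_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec[2] == "POST" and rec[3] == login_path:
            per_ip[rec[0]].append(rec[1])
    flagged = {}
    for ip, times in per_ip.items():
        times.sort()
        window, peak = deque(), 0
        for t in times:  # sliding window: drop timestamps older than window_seconds
            window.append(t)
            while (t - window[0]).total_seconds() > window_seconds:
                window.popleft()
            peak = max(peak, len(window))
        if peak >= threshold:
            flagged[ip] = peak
    return flagged

def sample_log():
    """Constructed sample: one address hammering wp-login.php, one ordinary login, one page view."""
    fmt = '{ip} - - [{ts}] "{method} {path} HTTP/1.1" {status} 512 "-" "Mozilla/5.0"'
    base = datetime(2014, 3, 10, 9, 0, 0, tzinfo=timezone.utc)
    def line(ip, offset, method, path, status):
        ts = (base + timedelta(seconds=offset)).strftime(TS_FMT)
        return fmt.format(ip=ip, ts=ts, method=method, path=path, status=status)
    lines = [line("203.0.113.5", 5 * i, "POST", "/wp-login.php", 200) for i in range(25)]
    lines.append(line("198.51.100.7", 30, "POST", "/wp-login.php", 302))
    lines.append(line("198.51.100.7", 31, "GET", "/wp-admin/", 200))
    return lines
```

Calling `login_bursts(sample_log())` flags only the hammering address (25 POSTs inside the window), while the single ordinary login from the other address stays below the threshold.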

Prior to the attack I had been using multiple user accounts and also the Sucuri scanner (after a scare last year). Over time I am sure hackers will try again, but I hope the 6 tips above will prove useful in preventing them from doing so. Also, please do a search online for more exhaustive tips, as I am not a WordPress or security expert.

