settingsAccountsettings
Menusettings

Q: Bruce-Force Attack on WordPress Sites!

+13 votes
My WordPress site was hacked with Brute Force attack! I've recovered but I am writing this post to let you know that there is a massive BruteForce attack movement going on! Please share your ways of securing your WordPress site - so more people are prepared for the unwanted visitors!
asked in Web Design category by user eiorgert

5 Answers

+4 votes
Yeah, a lot of WP sites have been hit recently... more than 90,000 blogs and counting... Here are my methods I am using for my WordPress blogs:

1. NEVER, EVER use admin as your username! Forget it! use some other stuff instead! 50% of Brute force job is done by leaving admin as your default username!

2. ALWAYS BACK-UP your site(s). Whether they are HTML, Flash, Joomla or WordPress - use appropriate plugins, components, security based web services, etc.! Do not underestimate the backup process of your database and site as a whole!

Here are the plugins I am using to avoid my WordPress CMS site being hacked:
 
1. Limit Login Attempts - http://wordpress.org/extend/plugins/limit-login-attempts/ - easy to use WP plugin which will limit the rate of login attempts, including by way of cookies, for each IP. It is also fully customizable.

2. WP Database Manager - http://wordpress.org/extend/plugins/wp-dbmanager/ - always make a weekly or monthly back-up of your DB! The plugin also allows you to e-mail the backed up Database!

3. I am using one not that expensive WordPress plugin ($10) for bruteforce attack prevention - http://codecanyon.net/item/security-ninja/577696 - it really does a nice job!

4. Do not use passwords which are really easy to guess! Like: "admin," "qwerty," "123456" and "password" instead use capital letters, numbers, signs such as #&$*%^@ etc. Again - do not help hackers with their job!

At the end - be always prepared!
answered by user matthew44
+2 votes
Here is one tutorial about WordPress security you may find useful as well - http://tutorials7.com/how-to-protect-and-secure-your-wordpress-site.html Thanks, matthew44! Really nice suggestions!

And here is one recent video about the WordPress security - a nice one long 56+ minutes:

answered by user hues
edited by user golearnweb
+1 vote
Read more about Brute-Force attacks here - http://en.wikipedia.org/wiki/Brute-force_attack
answered by user richard8502
0 votes
Here is a video from Google team (explaining about malware):

answered by user andrew
0 votes
This article is a nice one for your wp security issues - http://www.dailyblogtips.com/wordpress-security-mistakes/

And this one: http://www.myoptimind.com/10-ways-to-improve-wordpress-security/  I hope it helps you in some ways.
answered by user ilinkthreesixty2
edited by user golearnweb
...