Last Updated on August 27, 2015 by Nicholas Ho
Protect your WordPress login by installing a WordPress security plugin; it will offer protection against “brute force” attacks that use continual ‘bot’ retries. WordPress login hacking is the most popular hacking technique. Your website is a business asset and should be protected. This article describes a few options for protecting your website.
How does hacking work?
Why would anyone want to attack my website? I am just a small business. The world of hacking is predominantly automated and therefore non-discriminatory. Software programs known as ‘bots’ rummage through a list of websites and check for security vulnerabilities; by far the easiest vulnerability is WordPress login credentials. The ‘bots’ are automated to the extent that they will autodiscover websites and attack them, and the owners of the ‘bots’ are largely unaware until the ‘bots’ report back with success. Most website owners are under the impression that hack attacks are mainly targeted; this is definitely not the case unless you have something really important to steal. So just to reiterate, most attacks are automatic.
5 WordPress Security issues that you should be aware of as a website owner
- Brute Force attacks on WordPress Login – this seems to be the most popular because most website owners have no security training; as a result they do not take precautionary steps such as setting up complex passwords and changing default login details. Hackers have access to more powerful computers, making it easier to hack usernames and passwords. This makes additional security techniques important for guarding against this type of attack.
- Attacking out-of-date WordPress versions and Plugins – no software is infallible; as new hacking techniques are discovered, security flaws will be found, so keeping WordPress and plugins up-to-date is important.
- Database attacks – ‘bots’ can try a range of database command strings to directly access the WordPress database (otherwise known as SQL Injection attacks) and steal and/or modify the content of your website.
- Spam Commenting – If you allow visitors to leave comments then you open yourself to comments that sell “jewellery”, “drugs”, “information products” etc.
- File Permissions – Some files are more important than others and contain vital security information about your website, so it is best to secure and back up the critical files.
Some Simple Strategies for Protecting your WordPress Login
- Changing the default “admin” to another login name
- Inserting a Captcha field into the login screen
- Ensuring that you have a strong password
- Changing the default location of wp-admin to another location [advanced]
- Switch off login auto-registration
- And most important – Install a WordPress Security plugin
Website Traffic Stealing
One of the worst consequences of auto-attacks is what I call website traffic stealing. You experience a sudden spike in traffic and you are so excited; you think to yourself that “more traffic is going to have a positive impact on my business”. Unfortunately, when you take a closer look at Google Analytics you discover that the traffic was predominantly from a foreign, non-English-speaking country. So the new visitors are trying to hack into your website and they have skewed your website statistics. In fact 42% (ru and pt-br) of the traffic is suspect and worthless. In this case you will need both a security strategy and an analytic reporting strategy to filter out the noise.
Recommended WordPress Security plugins
All In One WP Security – this is a great product. Very customizable with lots of options, and it comes with a dashboard, which is fantastic. Warning! It is a bit technical, and the tech needs to know what to do before creating the settings because you can do things like accidentally lock yourself out.
It is an excellent product and it is Netology’s preferred security plugin.
Wordfence – this is another great product. Very easy to use.
It is very popular with WordPress owners because the product is preconfigured: the owner can leave the default settings and it will secure the website. It includes a Firewall, Virus Scanning and a cache engine to make your website faster (some web hosting companies offer this as a service as well).
It has some really nice features such as giving you information about blocked IP addresses and live site activity.
Other security plugins worth considering
- Bulletproof Security – https://wordpress.org/plugins/bulletproof-security/
- Sucuri Security – https://wordpress.org/plugins/sucuri-scanner/
We have not used the last two listed products but they seem to be popular amongst the WordPress community.
Protecting your WordPress login should be a top priority. Gaining access to your WordPress login is the easiest method to gain control over your website. You should definitely consider installing a WordPress security plugin as an essential step.