Home » Social Media » Prevent WordPress Brute Force Attack On Your Blog

Prevent WordPress Brute Force Attack On Your Blog

A day ago, I bumped into a blog post from HostGator reporting a Global WordPress brute force attack.

What a lazy soul I was ?!!

I procrastinated taking precautionary measures and BAM!

I’ve seen my brand new blog being attacked and intruded. Before the attack had happened and I got to see a message – “account has been suspended for my-blog.com” when I attempted to login to the admin dashboard, I experienced a weirdly sluggish load time in my admin panel. Also, while I tried uploading a template, I was thrown a message saying “WordPress Violation” and then the site just crashed.

I got the whole thing fixed through my hosting provider. They just reinstalled the blog for me and I now set it up on Joomla.

I was very lucky coz there was no data for me to loose as it was an absolute new blog.

So my dear co-bloggers, this post is to help you make sure that you are not sailing in the same boat as I did.

I went back and re-read the post by HostGator and another by CloudFlare. They say that the attack is a large scale one, wherein the hackers are trying to use home PCs and then get access to hosting servers so as to make the WordPress Brute Force attack profoundly viral. The attackers are still anonymous and none knows when this whole WordPress attack hoopla will cease. All that is in our control is taking some precautions to dodge the attack.

WordPress Brute Force Attack

Ensure that your blog is safe from the WordPress brute force attack

 

Change admin user name – PCMag reports that the most targeted accounts are those with the user names ‘admin’, ‘test’, ‘administrator’, and others akin to these. If you have an admin login username like any of these then the first thing to do is change it.

There are many workarounds for this like installing a WordPress plugin. But I guess the easiest way to go about it is to create a new user account, give that user the administrator rights, and then delete the vulnerable ‘admin’ user by logging  into the newly created admin account.

Make a stronger password – Check if your existing password is as per the WordPress password creation guidelines. If you are not sure what the guidelines are, go to your user account and scroll down to ‘About Yourself’ section where you are given an option to set a password. Right there you can find the password guidelines by WordPress saying ‘Hint’ in italic text. While changing the password make sure that the strength indicator goes green.

 Upgrade the CMS –  Upgrading to the latest version of WordPress CMS can help you mitigate the risk and minimize the chances of getting your account compromised due to the so called brute force attack. It is believed that the hackers may not be fully aware of the tricks to hack the latest release.

Deploy the two way authentication feature – The two way authentication is one where you can access your account by entering a security number into the login panel. The security code will be sent to your mobile once you attempt a login. You can implement this by installing a plugin (check for it in the WordPress plugins directory) in your blog.

Use Security plugins – There are many security plugins that can come handy like WordPress Firewall 2, Limit login attempts, Sucuri WordPress Security Plugin to avoid brute force attacks. Consider activating one or more such plugins to ensure an extra layer of security for your WordPress blog.

Its high time that you be proactive in taking a quick step to prevent the Global WordPress Brute Force attack on your WordPress blog, unless you want to see yourself repent like me in no time. I was lucky for having a new blog compromised; you may not be.

Do share your ideas to improvise WordPress security if any and also, share your experience if you have been unlucky with this viral attack in the comment box below.

Update

One of the readers suggested through comments that we must have a back-up plugin ready, just in case we happen to loose all the Blog’s data.

Thank you Naveen for the advice. I was so ignorant of this simple tip. I’m sure it added great value to all of us.

Another reader posted another nice suggestive comment. Samir advices to install a CAPTCH for the login panel. Thanks Samir.

About Rahul

Rahul is a team member of Litabi.

Check Also

social-media-tools-for-business

5 Social Media Tools You Must Use For Your Business

Running an effective social media campaign for your business is not a walk in the …

47 comments

  1. This is the time to secure our WordPress blogs to avoid our hardwork goes vain.

    I’ve faced the similar issues like that I noticed that the attacks from over 4 more IP addresses and from one IP address there were over 50 log-in attempts.

    Fortunately I’ve saved my blog by limit login attempts Plug-in.

    The important thing every blogger should do is ensure back ups, we can install some plug-in to back up wordpress datas to restore the site, if unfirtunately we loss datas by the attack.

    Thanks to the wonderful post.

  2. Good Article Anusha! The attacks are increasing day by day with very bad consequences. I hope these simple steps you have mentioned about will really help bloggers to stay away from Brute Force attack. Hope WordPress soon finds a way out of this spam!

  3. Nice article anusha keep going! expecting more specific on wordpress security also although the my blog has security plugins they tried 16 attempts and finally injected trojan in that which site crashed and Now am in Recovery mode!
    thank for updating a useful article for bloggers!

  4. Nice blog Preethi.
    One point should be added:
    Use Captcha WordPress plugin for login page to secure site from robotic attack from multiple times login.

    Here is the information:
    http://lilithdark.com/how-to-add-captcha-to-your-wordpress-login-page/

  5. Nice article Anusha. All the features are good for protecting WordPress. Apart from that two way authentication is very useful and strong.

    Thanks
    Mohd Aktar

  6. Hi, Good Article Preethi. Now a days many blogs are getting hacked which is also increasing day by day. You have really shared some cool tips to save our blog from WordPress brute force attack. The another main thing i want to add here i.e. We need to backup our blog regularly so that we can easily restore our when any attack takes place. Thanks for sharing this Great Tips 🙂

  7. Thanks for sharing this info Anusha. This post is really informative. I’m using “Better WP Security” plugin to prevent attacks.

  8. You are so cool! I do not suppose I have read through
    anything like this before. So wonderful to find somebody with original thoughts on this topic.
    Really.. thanks for starting this up. This web
    site is something that’s needed on the web, someone with a bit of originality!

  9. If you are going for finest contents like me, only go to see this website every day as it offers quality contents, thanks

  10. I have read so many articles or reviews regarding the
    blogger lovers but this post is really a fastidious paragraph, keep it up.

  11. how do you get theses custom maps like a website or what

  12. Hey there! I’ve been following your site for some time now and finally got the bravery to go ahead and give you a shout out from Humble Texas! Just wanted to mention keep up the good work!

    • Glad that you like my work. And there is nothing like you need bravery to get to me.. I’m always there for my readers and would keeps my ears open for you. 🙂

  13. I am really enjoying the theme/design of your weblog.
    Do you ever run into any web browser compatibility problems?

    A number of my blog readers have complained about my blog not
    operating correctly in Explorer but looks
    great in Safari. Do you have any suggestions to help fix this problem?

    • No, I have not faced any such problem so far. However, soon after installing the theme I checked its compatibility with various browsers and OS using browesrshots.com .

      Many blogger also insist on using the thesis or genesis themes to avoid this problem.
      Which theme do you use?

  14. Since the admin of this site is working, no question
    very quickly it will be renowned, due to its feature contents.

  15. Hello There. I found your weblog using msn. This is an extremely well written article.

    I’ll be sure to bookmark it and return to learn extra of your useful information. Thank you for the post. I’ll certainly
    return.

  16. With havin so much written content do you ever run into any issues of plagorism or copyright infringement?

    My blog has a lot of completely unique content I’ve either created myself or outsourced but it appears a lot of it is popping it up all over the internet without my permission. Do you know any methods to help prevent content from being ripped off? I’d truly appreciate it.

    • I too faced this a lot with my other blog. Really gets on to our nerves. As a precaution I have implemented the DMCA badge in this blog (scroll to the footer to find it). I guess the copyscape premium a/c must help as its features sound impressive. I am yet to get it.

  17. I am really impressed with your writing skills and also with
    the format to your blog. Is this a paid subject or did you customize it your self?
    Anyway keep up the excellent quality writing, it’s rare to look a great weblog like this one today..

  18. Thank you for the compliment Fischol 🙂

  19. I’m glad that you found this post useful Pasty. 🙂

    I’m sorry I did not understand your question. Please rephrase it.

  20. Thank you free 🙂

    I guess the most valid suggestion for aspiring writers would be – Get to work. Start writing and you’ll learn all the hints and tricks with time. Imitating someone’s style of writing can help to start. But it must be kept in mind that imitating can only help to start and get better. One has to put in ones own ideas and style to sustain.

    And the blogging platform you choose can matter a lot. I like Blogger and WordPress (.org) personally. I find them easy and handy.
    Hope this helped you. I’d love to see your new blog/website soon.

    All the best 🙂

  21. Very nice post. I just stumbled upon your blog and wanted to
    say that I have really enjoyed surfing around your blog posts.

    In any case I will be subscribing to your rss feed and I hope you write again very soon!

  22. Hey! Someone in my Facebook group shared this website with us so I
    came to check it out. I’m definitely loving the information. I’m bookmarking and will be tweeting this to my followers!

    Wonderful blog and amazing style and design.

  23. Hi Preethi,

    When I read comments in my own blog, there are same words in your blog also. and I realized that most of comments are spam.

    Here is the list of spam wordpress comments.
    http://m.gizmodo.com/5925990/the-hugest-most-verbose-and-least-grammatical-cache-of-spam-comments-ever

    Search your comments on google, u will get some same words in other blogs also in comments.

    Use CAPTCHA on comment posting section.

  24. To my bad luck, my WordPress blogs had been affected and somehow I recovered and now am out of the danger.

  25. Am new to wordpress and have been learning some useful stuffs related to it.

    This post helped me to learn about the WordPress security and its related plugins.

    Sure, will do as you told to protect my WordPress account 🙂

  26. Hi,

    I never paid attention to the security of my blog, but it was around 3 months ago when I was just to launch StyZic, I heard of it. It was the first time I did so much for security and since then I have not done anything else. Lot of plugins, tweaks, custom code changes, and some bullshit makes me feel secure.

    You’ve mentioned good points but believe me they aren’t enough to secure from hack attack, although a normal brute force will not go long with these tips. Good luck blogging. 😉

  27. Well, recently Brute force Attacks has immensely increased, becoming a dangerous factor for all WordPress users, but it is a thing, which is fight-able, I mean, by using security methods, we can move brute force attacks out of the window. Although, it can be difficult for newbies, who just got started with WordPress, but he/she can learn by reading posts online and then can implement security.
    In my view, implementing only three tricks works very well, Changing Login Slug, A content Delivery network (CDN) and a Security Plugin, which bans IP address after a few Login attempts.

Leave a Reply

Your email address will not be published. Required fields are marked *