Many, many WordPress sites are being attacked by hackers. In technical terms, this is a brute-force WP attack. This started last week and has extended into this week. Most major hosts are working 24/7 on this attack and taking preventative measures. There are some things that you can also do to help prevent your own site(s) from being attacked.
This is a summary of the attack courtesy of the WP Plugin, Wordfence: “Brute force attacks are ongoing, and this is simply an increase in frequency. A brute-force attack is a relatively unsophisticated attack where one or more remote machines try to guess your password.”
Symptoms of this current attack: your site is running slowly, especially your WordPress dashboard. You can’t log in to your WordPress dashboard.
Steps to take:
• Change your Admin username. When WordPress is installed, it creates an “admin” username that has full access to your site. Create a new administrative username (make sure to confirm the new name via email, then do a test login with the new name!) and delete “admin” as soon as possible. For this attack, this is the NUMBER ONE most important thing you can do. According to TechCrunch, this attack is aimed at Admin logins and is trying to gain access to WordPress by hacking those Admin logins.
• Install the plugin Wordfence, which can limit the number of failed login attempts, among other important security steps. Installing this plugin is a huge step in the right direction. Set the number of failed logins and other important things in the “options” section of this plugin.
• Back up your blog! Use WP Online Backup and run a full backup and download that backup to your computer.
• Change all of your WP passwords. This includes passwords for any VAs you may have. Make them crazy hard to remember. Include at least one capital letter, one lowercase letter, one number and one special character. Try to make the entire password at least 8 characters.
Those are the simple things you can do to try and prevent this attack.
You can also do the following if you’re really paranoid:
• Install CloudFlare, which has kindly been made available in a free version for everyone.
• Install and run the Google Authenticator plugin, which creates a two-step login process.
Don’t freak out! Doing these things should keep your site safe! Just do them now!