WordPress sites under attack

As reported by Cloudfare, Hostgator and several other webhosts around the world, WordPress sites are under a heavy attack by some sort of botnet which is using brute force technique to try and log in “admin” to various blogs by using over 90,000 IP addresses from around the world. While web hosts and Cloudfare are trying their best to fight off this attack, its high time you should take some steps to safeguard your blog as well.

Failed Login Attempts at NSpeaks by Malicious IPs
Failed Login Attempts at NSpeaks by Malicious IPs

Simplest and one of the most effective ways is to simply install this plugin: Limit Login Attempts┬áThis plugin will block any id trying to login into your site after a given number of failed attempts. You can configure the number of retries, get email notifications of when someone gets locked ou and configure the time for which the IP remains blocked. Its one of the most basic ways to secure your blog and is highly recommended if you haven’t been using any security method till now.

Second recommended step is to change your username especially if your username is a common one like admin, administrator or the blog’s name. Just create a new user id with some unique letters or something which only you can know and make it an administrator account. Now login using this new id and delete the original default account. That’s it. You are set now.

I have told you the most basic and one of the most effective security methods which will take just 5 minutes of your time. I will be writing a full blown post on securing your WordPress blog soon. And if you haven’t upgraded your blog till now, its high time you should do it.