How strong is WordPress security? There has been talk around the internet lately about a large-scale brute force attack on WordPress.
The attackers are not just targeting high-profile WordPress websites; they are using a large network of bots to target any WordPress site they can find.
They attempt to brute force access to WordPress sites by hitting wp-login.php with a dictionary password attack.
The belief is that the goal may not be to deface your site, but instead to use it as a platform to launch attacks on other sites when needed.
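To check whether the wp-login.php guessing described above is reaching your own site, this added example (not part of the original post) counts failed login POSTs in a web access log. The sample log lines, the threshold and the function names are constructed for illustration; it assumes the combined log format and default WordPress status codes.

```python
import re
from collections import Counter

# Constructed sample in "combined" access-log format; all IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Jan/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Jan/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Jan/2024:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
198.51.100.8 - - [01/Jan/2024:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 3456 "-" "Mozilla/5.0"
192.0.2.20 - - [01/Jan/2024:10:01:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2987 "-" "Mozilla/5.0"
192.0.2.20 - - [01/Jan/2024:10:01:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.30 - - [01/Jan/2024:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def login_posts(log_text):
    """Yield (ip, status) for every POST to wp-login.php in the log text."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if path.endswith("/wp-login.php"):
            yield m["ip"], int(m["status"])

def summarize(log_text, per_ip_threshold=3):
    """Count failed logins per source and across all sources."""
    failed = Counter()
    for ip, status in login_posts(log_text):
        # Assumption: default WordPress re-renders the form with 200 on a bad
        # password and redirects with 302 on success.
        if status == 200:
            failed[ip] += 1
    noisy = sorted(ip for ip, n in failed.items() if n >= per_ip_threshold)
    # A botnet spreads guesses over many IPs, so per-IP counts alone miss it:
    # report the total and the number of distinct sources as well.
    return {"failed_total": sum(failed.values()),
            "distinct_sources": len(failed),
            "noisy_ips": noisy}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A high failed total spread over many distinct sources, each below the per-IP threshold, is the pattern to expect from a large network of bots.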
WordPress Security Tips
Rename your wp-admin folder:
You should rename the wp-admin folder. This makes it much more difficult for automated bots to find, as the majority of attacks rely on simply hitting it and guessing where it is.
Delete the admin user account:
Brute force attempts will try the username admin with password combinations. Add a different account and then delete the admin account; this will make dictionary attacks even harder.
Secure wp-config.php:
Move wp-config.php one directory above your WordPress root. This puts it outside of browsable files but still accessible by WordPress. Alternatively, you can deny access via .htaccess:
<files wp-config.php>
order allow,deny
deny from all
</files>
Restrict Access to your IP:
Limit access to wp-admin and wp-login.php to a set of specified IP addresses.
The disadvantage is that you will not be able to log in to WordPress from a different connection until you edit this rule.
Install an SSL Certificate:
It will not stop brute force attacks. However, it does mean that whenever you log in to your website, your username and password are encrypted in transit.
This can stop hackers snooping when you are using Wi-Fi or public networks.
Install WP Security:
The Better WP Security plugin will automate many of the above tasks for you. It is by far the best option if you feel uncomfortable changing file settings yourself.
Use a WAF Service:
Cloud-based Web Application Firewalls are becoming more popular nowadays.
They provide a simple way to help protect your website and provide more details about what is going on.