As you may be aware, WordPress sites are currently under one of the fiercest attacks in years. Over 90,000 IP addresses are brute-forcing WordPress logins. The reason for the attack is unknown.
As a blogger, I’m nervous myself. It makes you wonder if you should have built your site from scratch, rather than use WordPress. But WordPress is a cheap easy way to get your business up and running and thousands of businesses run not only their blogs on the platform, but their entire website. That’s a big investment. For small businesses or sole proprietors it’s their bread and butter.
However, there are some things you can do to protect your site, and if your site does get hacked, you’ll be able to restore it.
- Install a security scanner. There are quite a number of plugins that will alert you to failed login attempts or failed password attempts. They also alert you to bots, crawlers, malware, and more. Some recommended security plugins are:
  - Sucuri Security Scan – http://wordpress.org/extend/plugins/sucuri-scanner/
  - WP Security Scan – http://wordpress.org/extend/plugins/wp-security-scan/
  - Login Lockdown – http://wordpress.org/extend/plugins/login-lockdown/
  - BulletProof Security – http://wordpress.org/extend/plugins/bulletproof-security/
  - WordFence – http://wordpress.org/extend/plugins/wordfence/
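The plugins above watch for exactly the pattern a brute-force attack leaves behind: many failed logins from one address in a short time. The following is an added example, not code from the post or from any of the plugins listed, showing that detection logic run over a few constructed web-server log lines (Apache combined format, documentation IP ranges). It relies on one piece of WordPress behaviour: a failed POST to wp-login.php is answered with HTTP 200 (the form is re-rendered), a successful one with a 302 redirect. The threshold of 5 failures in 5 minutes is an assumption for the example, not any plugin's default.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample access-log lines; the addresses are documentation ranges,
# not real attackers. 203.0.113.7 fails five times in five seconds and once
# more later, 192.0.2.9 fails twice, 198.51.100.4 logs in successfully (302).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Apr/2013:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3214 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Apr/2013:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3214 "-" "Mozilla/5.0"
192.0.2.9 - - [12/Apr/2013:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3214 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Apr/2013:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3214 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Apr/2013:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 9876 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Apr/2013:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3214 "-" "Mozilla/5.0"
192.0.2.9 - - [12/Apr/2013:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3214 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Apr/2013:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3214 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Apr/2013:10:01:10 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Apr/2013:10:20:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3214 "-" "Mozilla/5.0"
"""

# Client IP, timestamp, request line and status code of an Apache combined-format line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def parse_line(line):
    """Return a dict for one log line, or None if the line does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def is_failed_login(rec):
    """A POST to wp-login.php answered with 200 means the form came back: login failed."""
    return (rec["method"] == "POST"
            and rec["path"].startswith("/wp-login.php")
            and rec["status"] == 200)


def find_brute_force(log_text, threshold=5, window=timedelta(minutes=5)):
    """Sliding-window count of failed logins per IP.

    Returns {ip: timestamp} for every IP that reached `threshold` failures
    inside any `window`; the timestamp is the failure that crossed the line,
    which is when a lockdown plugin would start blocking that address.
    """
    recent = defaultdict(list)   # ip -> timestamps of failures still inside the window
    alerts = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_failed_login(rec):
            continue
        ip = rec["ip"]
        if ip in alerts:          # already flagged; no need to count further
            continue
        kept = [t for t in recent[ip] if rec["ts"] - t <= window]
        kept.append(rec["ts"])
        recent[ip] = kept
        if len(kept) >= threshold:
            alerts[ip] = rec["ts"]
    return alerts


if __name__ == "__main__":
    for ip, when in find_brute_force(SAMPLE_LOG).items():
        print(f"lock out {ip}: {when:%H:%M:%S}")
```

With the sample data only 203.0.113.7 is flagged, at 10:00:05, the moment its fifth failure lands inside the window; 192.0.2.9 stays under the threshold and the successful login from 198.51.100.4 is never counted. Lowering the threshold to 2 also flags 192.0.2.9, which is the trade-off every lockdown plugin makes between catching slow attackers and locking out a legitimate user who mistypes a password.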
- Back up your WordPress site. If you are the victim of a malicious attack, a backup is what lets you restore the site instead of rebuilding it. A new client of mine has had this happen to her twice: she had to rebuild the website from scratch the first time, and luckily she had a backup of the site the second time. I know you might think, “why would anyone want to hack my site?” But it’s not personal. They just want something fun to do. It’s like a game to them. Some recommended backup plugins are:
  - BackupWordPress – free – http://wordpress.org/extend/plugins/backupwordpress/
  - Backup Buddy – costs $75 (2 licenses) – http://ithemes.com/purchase/backupbuddy/
  - Blog Vault – costs $9/month – http://blogvault.net/
  - Online Backup for WordPress – free – http://wordpress.org/extend/plugins/wponlinebackup/
For more backup options see this post from ComputerWorld.
- Change your password. You should be changing your password frequently, about every 90-180 days. You should also make it complex, with:
  – At least 1 capital letter
  – At least 1 number
  – At least 1 special character (such as $#%@!&*?<>)
  – At least 8 characters
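As an added example (not code from the post), here is a checker for the four rules above, together with a rough measure of how large a search space a brute-force attacker faces for a given password. The measure assumes the attacker knows the length and which character classes are used and tries every combination; it treats any ASCII punctuation character as a "special character", since the post's list is given as examples rather than an exhaustive set.

```python
import math
import string


def check_password_policy(pw):
    """Return the names of the post's rules that `pw` fails; [] means it complies."""
    failures = []
    if not any(c.isupper() for c in pw):
        failures.append("capital letter")
    if not any(c.isdigit() for c in pw):
        failures.append("number")
    if not any(c in string.punctuation for c in pw):   # assumption: any ASCII punctuation counts
        failures.append("special character")
    if len(pw) < 8:
        failures.append("length 8+")
    return failures


def keyspace_bits(pw):
    """log2 of the number of candidates an attacker who knows only the length and
    the character classes in use must try. Characters outside the four classes
    (spaces, non-ASCII letters) add length but no alphabet in this estimate."""
    alphabet = 0
    if any(c.islower() for c in pw):
        alphabet += 26
    if any(c.isupper() for c in pw):
        alphabet += 26
    if any(c.isdigit() for c in pw):
        alphabet += 10
    if any(c in string.punctuation for c in pw):
        alphabet += len(string.punctuation)   # 32 ASCII punctuation characters
    return len(pw) * math.log2(alphabet) if alphabet else 0.0


if __name__ == "__main__":
    for candidate in ["password", "Ab1!", "Tr0ub4dor&3", "abcdefghijkl"]:
        print(f"{candidate!r:16} fails={check_password_policy(candidate)} "
              f"bits={keyspace_bits(candidate):.1f}")
```

Running it shows why the length rule matters more than the other three: "Ab1!" passes every complexity rule except length and sits at about 26 bits, while a 12-letter all-lowercase string that fails three of the four rules is above 56 bits, more than an 8-character password drawn from all four classes (about 52 bits). Meeting the list is a floor, not a ceiling; going well past 8 characters is the cheapest defence against the kind of guessing attack described at the top of this post.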
- Don’t let people subscribe to your blog. I know this sounds counterintuitive, but every registered subscriber is another user account on your site that an attacker can try to log in as. Savvy readers of your blog probably make use of your RSS feed and utilize things like Google Reader or BlogLovin instead.
- You can password protect your posts or site. Meaning you could put a password on your posts or site so that anyone viewing content would have to log in. For each post there is a visibility option. It defaults to Public, but you could set it to Password protected:
  You could also install a password-protection plugin:
  - (CodeCanyon) Private Content plugin – cost $14/one-time fee – http://www.projects.lcweb.it/privatecontent?lc_preview
  - WP-Member – $47/1 site – http://wp-member.com/
Bonus: See these additional tips by Jim Walker: http://hackrepair.com/protecting-wordpress-against-brute-force-attacks
We hope you don’t get hacked. And we hope we don’t either. But we’ve heard that it’s imminent with so many IP addresses behind the attack. Unfortunately, comments will be monitored carefully moving forward. If they look like spam or we don’t know you, they will get marked as such and deleted.
And, as a result of this attack, we deleted all registered subscribers to the blog and beefed up our security. So if your comment doesn’t get approved, or your registration was deleted, please don’t be offended. It wasn’t personal. The best way to receive our content is to put it in your RSS feed or subscribe to our newsletter (which is also monitored). We sincerely apologize for any inconvenience.