WordPress Security: Beware Hackers

If you used the standard install settings for WordPress, you really need to read this because your installation is probably under attack right now.

[Screen capture: Limit Login Attempts]

Most of my sites use WordPress and I can guarantee that hackers are constantly trying to log in as admin or install malicious software on my sites. Every day, I can see that hackers are trying to install something on at least one of my sites. How do I know? I installed plugins that prevent the attacks and send me an email alert.

Easy Steps to Protect Your WordPress Site

  • Change the default administrator name. The default is admin. Change it to something else! Notice the screen capture above. Don't use administrator either.
  • Make sure your password is hardened. Passwords should contain uppercase and lowercase letters, numbers, and special characters such as @#$%&*. Passwords should be at least eight characters long.
  • Install the free plugin Limit Login Attempts.
    • Limit Login Attempts will prevent a bot from being able to continuously try different passwords. After reaching the limit of attempts, the user is first locked out for 20 minutes. After 4 lockouts, the user is locked out for 24 hours. You can change the setting.
    • Turn on the setting that emails the admin.
  • Install the free plugin, WordPress Firewall 2.
    • Even though this plugin has not been updated in quite a while, I have successfully installed it on WordPress v. 3.5.2.
    • I leave the default settings as is.
    • If you work from more than one location, you will need to whitelist your IP address for each location.
    • WordPress Firewall 2 protects your installation from WordPress-specific attacks.
    • You'll get an email containing the attacker's IP address.

That's it! If there is an attempt on your site, you'll get an email.
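
To see what the Limit Login Attempts lockout policy described above does to a password-guessing bot, the Python below replays login POSTs from an access log through that policy (20-minute lockout, 24 hours on the 4th lockout). It is an added example, not part of the original post and not the plugin's code; the retry limit of 4, the IP addresses and the generated log lines are assumptions constructed for the illustration, and every POST is treated as a wrong password.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# The 20-minute and 24-hour lockouts and the 4-lockout escalation come from the
# text above. MAX_RETRIES is an assumed value; the page does not state the limit.
MAX_RETRIES = 4
SHORT_LOCKOUT = timedelta(minutes=20)
LONG_LOCKOUT = timedelta(hours=24)
LOCKOUTS_BEFORE_LONG = 4
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"
# A login form submission in a combined-format access log line.
LOGIN_POST = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "POST /wp-login\.php')

def simulate(log_lines):
    """Replay login POSTs; return {ip: {"tried", "blocked", "lockouts"}}."""
    state = defaultdict(lambda: {"tried": 0, "blocked": 0, "lockouts": 0,
                                 "fails": 0, "until": None})
    for line in log_lines:
        m = LOGIN_POST.match(line)
        if not m:
            continue  # not a login attempt
        s = state[m.group(1)]
        ts = datetime.strptime(m.group(2), TS_FORMAT)
        if s["until"] is not None and ts < s["until"]:
            s["blocked"] += 1  # locked out: guess never reaches the password check
            continue
        s["tried"] += 1  # assumption: every POST in the sample is a wrong password
        s["fails"] += 1
        if s["fails"] >= MAX_RETRIES:
            s["fails"] = 0
            s["lockouts"] += 1
            escalate = s["lockouts"] >= LOCKOUTS_BEFORE_LONG
            s["until"] = ts + (LONG_LOCKOUT if escalate else SHORT_LOCKOUT)
    return {ip: {k: s[k] for k in ("tried", "blocked", "lockouts")}
            for ip, s in state.items()}

def sample_log():
    """Constructed sample: a bot guessing once a minute for 3 hours, one user typo."""
    start = datetime(2013, 7, 1, tzinfo=timezone.utc)
    def line(ip, minute, request="POST /wp-login.php"):
        ts = (start + timedelta(minutes=minute)).strftime(TS_FORMAT)
        return f'{ip} - - [{ts}] "{request} HTTP/1.1" 200 3120'
    lines = [line("203.0.113.7", i) for i in range(180)]
    lines += [line("198.51.100.20", 5), line("198.51.100.20", 6)]
    lines.append(line("198.51.100.20", 7, "GET /wp-admin/"))
    return lines

if __name__ == "__main__":
    print(simulate(sample_log()))
```

On the constructed sample, the bot's 180 requests shrink to 16 guesses that actually reach the password check, while the user who mistyped twice is never locked out.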

If you've already been hacked, read the FAQ "My site was hacked" at WordPress.org.
