WordPress is an excellent tool that allows businesses to manage the websites from anywhere in the world. With this exceptional tool though, comes some exceptional targetting by hackers!
We’ve seen some unusual traffic in a couple of our sites in the past couple of months, and have since seen alot of articles outlining that what we’ve seen isn’t unusual. WordPress Sites across the world have been particularly targeted in the last few months.
In view of this, please take note of the following steps to take to protect your WordPress Installation and keep your very important business tool locked down!
- Ensure you’re password is strong!
“At this moment, we highly recommend you log into any WordPress installation you have and change the password to something that meets the security requirements specified on the WordPress website the company’s Sean Valant wrote. “These requirements are fairly typical of a secure password: upper and lowercase letters, at least eight characters long, and including ‘special’ characters (^%$#@*).” - Don’t use ‘admin’ as your username
The default username for WordPress is admin. So hackers usually don’t have to guess that! So make it harder for them by setting up your administrator username to something other than ‘admin’. - Limit WordPress Login attempts
Ars Technica recommends installing the Limit Login Attempts plugin to stop the attack from being able to try too many combinations of passwords to get access to the site. - Better Security Plugin
The Better WP Security plugin allows you to manage the security features in one place, a good feature to give you peace of mind is that ability to turnoff the ability to login for a period of time which is great if you’re going on holidays!
A good article from Ars Technica:
Remember to contact me if you need help setting up any of these plugins!