With all the news regarding attacks on WordPress sites, you may be wondering how to secure your website.
First, some background on the attacks.
In general, the attacks are nothing new and happen all the time. What is new, however, is the scale of these intrusions. CloudFlare, a content delivery network used by many WordPress sites, reported that it recently deflected “60 million requests against WordPress customers in a single hour.” That is a whole lot of nefarious activity.
You may be asking “why should I care and what should I do about it?”
To answer, it helps to explain more about the attacks. They are generally carried out by computers running sophisticated scripts, not by pimply-faced teenagers in their parents’ basements. These scripts try, very methodically, to reach your WordPress admin page and then attempt to log in by entering endless combinations of usernames and passwords. Because of the unsubtle nature of these attempts, security experts often label them “brute force” attacks. With modern computers and their associated hardware, many attempts can be made in a short time. If the perpetrators get in, they can install malicious software that can send out spam emails or engage in other unwanted activity.
What can you do about the attacks?
First, don’t panic! Second, if you are a Blue Zoo customer, rest assured that we take security extremely seriously and have taken measures to prevent these kinds of attacks on your site.
Here are some simple things you can do to secure your WordPress website:
- The best and easiest thing that you can do is to ALWAYS use complex passwords. The general recommendation is to create passwords that are at least eight characters long and to use a mixture of at least three of the following: upper case letters, lower case letters, digits and symbols. The longer the password, the more secure it is. Avoid using obvious patterns or words that could be found in a dictionary (of any language). You should be thinking random here.
- Use password-generating software to create more secure passwords and store them for you. Examples are KeePass and LastPass.
- Use different passwords for every website. Many people use the same password on multiple sites. This would give the cracker of one site’s password a free pass into other sites that you may use or administer.
- Change the username “admin” in your website’s admin area. “Admin” is sometimes the default username for the administrator in WordPress, so hackers who try it already have half of the login and only need to guess the password.
- Use a host with good security. Whoever develops your site should too. At Blue Zoo Creative, we make security a high priority. We understand the value of your website. It is the digital backbone of your business.
Following the above advice should protect you from most brute force attacks.
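As an added example (not code from the original post), the Python below checks a password against the rule in the first tip (at least eight characters, at least three of the four character classes, no dictionary words) and generates random passwords that pass it. The function names, the username check and the small word list are assumptions constructed for illustration.

```python
import secrets
import string

# Character classes named in the password recommendation above.
CLASSES = {
    "upper": string.ascii_uppercase,
    "lower": string.ascii_lowercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}
MIN_LENGTH = 8    # "at least eight characters long"
MIN_CLASSES = 3   # "at least three of the following"

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "welcome", "wordpress", "admin", "letmein", "qwerty"}


def classes_used(password):
    """Return the set of character classes present in the password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}


def check_password(password, username="", words=SAMPLE_WORDS):
    """Return a list of rule violations; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if len(classes_used(password)) < MIN_CLASSES:
        problems.append("too few character classes")
    lowered = password.lower()
    if username and username.lower() in lowered:
        problems.append("contains username")
    # Drop digits and symbols first so "Password1!" is still caught as a word.
    letters = "".join(c for c in lowered if c.isalpha())
    if any(w in letters for w in words):
        problems.append("contains dictionary word")
    return problems


def generate_password(length=16):
    """Draw random passwords from the OS CSPRNG until one passes check_password."""
    if length < MIN_LENGTH:
        raise ValueError("length below minimum")
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate
```

A password such as `Password1!` meets the length and character-class rules yet is still rejected, which is why the dictionary-word advice matters on its own.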
If you have any questions regarding website security, WordPress, or anything else, please give us a call or send an email.