I thought the widely covered brute force attacks on WordPress sites were worth discussing in case any users aren’t aware of the this hot topic.

What are Brute Force Attacks?

Unlike hacks, brute force attacks take the easier approach of consistently trying to guess your username and password. Unfortunately, this works since not all site owners have the strongest credentials, especially those who still use the dreaded default ‘admin‘ username. Since brute force attacks don’t halt after a single failed attempt, they can take a devastating toll on your server memory causing performance issues.

How can you prevent brute force attacks?

To prevent these attacks on your WordPress site, follow these precautionary steps:

1. Do NOT use the ‘admin‘ username. Create a new user with Administrator rights. Log out and log back into WordPress as the new Adminstrator, and delete the user ‘admin‘.
2. Set a strong password with numbers, characters, and upper and lower case letters. Unfortunately, we occasionally see site owners with passwords that either match their domain, or are simple number strings such as 123456.
3. Protect your site using plugins. These are 3 plugins that I highly recommend – use the one (or two) that meet your needs:

• Limit Login Attempts – does what the name says.
• Google Authenticator – allows two-factor authentication to login to your WordPress site. For some, this may seem like overkill, but you can never be too safe.
• WordFence – a robust security plugin with built-in firewall, virus scanning, and a premium version to block specific countries.

Better Safe Than Sorry

Now that you’re informed, spend a few minutes to protect that awesome site. While you’re at it, take out the trash, spam, and erroneous users. Any questions or comments related to these brute force attacks, just ping us in the comments below.