A brute force attack involves trying any and all combinations of commonly used passwords to gain access to an account or access to the administration section of your WordPress site. WordPress is one of the most commonly used frameworks for building websites today. Therefore, it should be no surprise that it is also one of the most commonly hacked as well. We believe that this threat warrants a list of tips, that when used, can thwart any attempts to gain access to your website.
\nHow can you protect yourself against these type of attacks on WordPress?
\n1 DELETE THE \u2018ADMIN\u2019 USER FOR YOUR WP SITE
\nOnce you have installed WP on your account, you will want to log into it by visiting http:\/\/www.yourdomain.com\/wp-login. Here you will be asked for your username and password to access the administration section. Navigate to the \u2018Add New\u2019 User section found at http:\/\/www.yourdomain.com\/wp-admin\/user-new.php. Although the WordPress minimum requirement is only 7 characters, Hostease recommends passwords of at least 12 characters. You will also want to be sure to select Administrator as the role for this new user from the dropdown menu at the bottom.Once you have created this new user, navigate to http:\/\/www.yourdomain.com\/wp-admin\/users.php, hover over the original Admin user and select \u2018Delete\u2019. If you have posts that were created by the ‘Admin’ user, you will be asked what you want to do with them when you are deleting this user. These posts are commonly re-assigned to the new user you just created.
\n2 CHANGE YOUR PASSWORDS REGULARLY
\nYou will want to update your new user\u2019s password every 90 days. Be sure to keep a record of passwords used, and do not repeat them. Always create new passwords when updating. We list deleting the admin user and updating passwords regularly as the most important factors since these are the main focus of a brute force attack. Do not use passwords like: admin, admin123, administrator, pass, password, password1, passwd, root, qwerty, q1w2e3, 000000, 123456, 987654321. If you are having trouble creating a strong password, consider a service such as those found at http:\/\/www.random.org\/passwords and http:\/\/strongpasswordgenerator.com. Additionally, if you have multiple users on your website, either set up a schedule for all to see that requires regular updates to passwords or let them know that you will be making the updates and will provide them with new ones regularly.
\n3 INSTALL SECURITY PLUGINS ON YOUR WP SITE
\nThere are a number of quality plugins that you can take advantage of for free from WordPress.org. Here is a short list to get you started:
\no Limit Login Attempts (http:\/\/wordpress.org\/extend\/plugins\/limit-login-attempts)
\no WP Login Security 2 (http:\/\/wordpress.org\/extend\/plugins\/wp-login-security-2)
\no Login Security Solution (http:\/\/wordpress.org\/extend\/plugins\/login-security-solution)
\no Bulletproof Security (http:\/\/wordpress.org\/extend\/plugins\/bulletproof-security)
\no 2 Factor Authorization by Duo Security (https:\/\/www.duosecurity.com\/docs\/wordpress)
\n4 PASSWORD PROTECT YOUR WP-LOGIN PAGE
\nFound in all control panels available through HostEase, password protecting your login page is another secondary effort that you can make. Look for the following icons in your control panel.<\/p>\n","protected":false},"excerpt":{"rendered":"
Learn how to safeguard your WordPress site from brute force attacks. Follow these essential tips: delete the default admin user, update passwords regularly, install security plugins, and password-protect your WP-login page.<\/p>\n
Let me know if you’d like to refine any details further!<\/p>\n","protected":false},"author":8,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[44],"tags":[531,532,533],"class_list":["post-982","post","type-post","status-publish","format-standard","hentry","category-website","tag-brute-force-attacks","tag-secure-passwords","tag-wordpress-security"],"aioseo_notices":[],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/www.hostease.com\/blog\/wp-json\/wp\/v2\/posts\/982","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hostease.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hostease.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hostease.com\/blog\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hostease.com\/blog\/wp-json\/wp\/v2\/comments?post=982"}],"version-history":[{"count":1,"href":"https:\/\/www.hostease.com\/blog\/wp-json\/wp\/v2\/posts\/982\/revisions"}],"predecessor-version":[{"id":2154,"href":"https:\/\/www.hostease.com\/blog\/wp-json\/wp\/v2\/posts\/982\/revisions\/2154"}],"wp:attachment":[{"href":"https:\/\/www.hostease.com\/blog\/wp-json\/wp\/v2\/media?parent=982"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hostease.com\/blog\/wp-json\/wp\/v2\/categories?post=982"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hostease.com\/blog\/wp-json\/wp\/v2\/tags?post=982"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}