
How to secure your wordpress site – free plugin to combat hackers

June 27, 2013 by andy


[Image: hacker bots trying to hack your passwords. Caption: Scary picture!]

I get this quite often… sort of scary huh?

It really is amazing how many times my site gets bombarded by a bot trying to guess passwords to my account.

There are a few things you MUST do to secure WordPress from hackers. Here’s a quick and dirty list (keep reading below for a free plugin I made to help with this).

  1. Change your administrator account from admin to something else
    You need to do this because the vast majority of hack attacks and brute force password attacks are aimed at the admin account. If you remove it, you stop those attacks before they can happen. It’s easy to do, just follow these steps:
    • create a new account with your chosen username
    • set the account as administrator (check first to make sure you can log in and do administrator-privilege things)
    • always always ALWAYS choose a password that you would not find in a dictionary, preferably with special characters like &*^
    • delete the admin account and set all posts to be by the new account you created
  2. Choose a good password
    And by “good password” I mean one that is not in a dictionary! Please make sure it’s at least 8 characters (9 is better) and that it uses numbers and/or special characters like *^$
    And for gawds sake, don’t use the same password on your WordPress account as you do on other people’s sites where you have joined! (Some dodgy admins monitor them and try them on your Gmail or Yahoo account.)
    Here’s a list of the 25 most popular passwords, make sure you’re not using one of them!
      1. password
      2. 123456
      3. 12345678
      4. 1234
      5. qwerty
      6. 12345
      7. dragon
      8. pussy
      9. baseball
      10. football
      11. letmein
      12. monkey
      13. 696969
      14. abc123
      15. mustang
      16. michael
      17. shadow
      18. master
      19. jennifer
      20. 111111
      21. 2000
      22. jordan
      23. superman
      24. harley
      25. 1234567

     

  3. Limit login attempts
    I’ve been doing this for quite a while. A normal user may try 4 or 5 times to log in before they request a reset; there’s no way that someone would try 100 times, so make sure you limit the number of times someone can try before locking them out for a certain amount of time.

    Here’s a free plugin that I use to limit the number of login attempts: Limit Login Attempts plugin

  4. Watch what users do on your site
    By this, I mean keep an eye on user activities if you allow people to register on your site. There’s a really useful plugin for this called threeWP Activity Monitor, which I’ve been using for some time because it can also be filtered to allow recording of other things like downloading files (useful to see if someone downloaded CommentLuv from the members site!). It will also record attempts to log in.

    OMG you will get scared when you see how many attempts are made on your admin account! See this:

    [Image: hacker passwords, from the threeWP Activity Monitor page]

    You might want to see the passwords that hackers are using so you can make sure you don’t use them for your accounts! That’ll help to secure WordPress and other sites you have.

  5. Ban users who repeatedly try wrong passwords
    There’s another free plugin that I use to ban users who have attempted too many logins (or any amount of logins to ‘admin’).

    It’s called WP Ban and it’s helpful to make sure newbie hackers don’t come back (it’s also useful for banning trolls from your site).

    [Image: IP bans]

    It’s probably a good idea to clear out the ban list now and then so you don’t compromise the performance of your site when every visitor gets checked against every IP on your ban list. See below for how to automate this with a free plugin I made.
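
The lockout-then-ban policy from steps 3 and 5, as an added example (not part of the original post, and not the code of Limit Login Attempts or WP Ban). The thresholds, the LoginGuard class and the replay helper are assumptions made for illustration; bans carry an expiry so the ban list trims itself instead of being cleared by hand.

```python
from collections import defaultdict, deque
# Thresholds are assumptions for illustration, not the plugins' defaults.
MAX_ATTEMPTS, WINDOW, LOCKOUT = 5, 600, 1200   # 5 failures in 10 min -> 20 min lockout
LOCKOUTS_BEFORE_BAN, BAN_TTL = 2, 7 * 86400    # 2nd lockout -> ban that expires in 7 days
RETIRED_USERS = {"admin"}                      # account name the post says to delete

class LoginGuard:
    def __init__(self):
        self.failures = defaultdict(deque)   # ip -> times of recent failures
        self.lockouts = defaultdict(int)     # ip -> lockouts so far
        self.locked_until = {}               # ip -> end of current lockout
        self.banned_until = {}               # ip -> ban expiry

    def status(self, ip, now):
        # Drop expired bans first so the ban list cannot grow without bound.
        self.banned_until = {i: t for i, t in self.banned_until.items() if t > now}
        if ip in self.banned_until:
            return "banned"
        return "locked" if self.locked_until.get(ip, 0) > now else "ok"

    def _ban(self, ip, now):
        self.banned_until[ip] = now + BAN_TTL
        return "banned"

    def failed_login(self, ip, username, now):  # returns 'ok', 'locked' or 'banned'
        state = self.status(ip, now)
        if state != "ok":
            return state                        # already blocked: nothing new to count
        if username.lower() in RETIRED_USERS:   # no legitimate user tries this name
            return self._ban(ip, now)
        recent = self.failures[ip]
        recent.append(now)
        while recent[0] <= now - WINDOW:        # forget failures outside the window
            recent.popleft()
        if len(recent) < MAX_ATTEMPTS:
            return "ok"
        recent.clear()
        self.lockouts[ip] += 1
        if self.lockouts[ip] >= LOCKOUTS_BEFORE_BAN:
            return self._ban(ip, now)
        self.locked_until[ip] = now + LOCKOUT
        return "locked"

# Constructed sample: a bot hammering one account, then a probe for "admin".
SAMPLE = [(t, "203.0.113.7", "andy") for t in range(0, 50, 10)] + [(60, "198.51.100.9", "admin")]

def replay(events):  # events are (time, ip, username) failed logins
    guard = LoginGuard()
    return [guard.failed_login(ip, user, t) for t, ip, user in events]
```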

There are some other things that you can do to secure WordPress. Regina Smola has some in her post “WordPress Security and Comments (3 Mistakes Blog Owners Make)”.

Free plugin to secure your WordPress site

I got tired of doing it manually when I received a notification email, so I made a plugin to automatically add someone to the ban list if they attempt to log in too many times with the wrong password.

It requires you to have Limit Login Attempts and WP Ban, so make sure you install them and configure them first.

What it does is monitor any emails that your site sends, and when it detects one from the Limit Login Attempts plugin notifying you of a user being locked out, it automatically adds them to the ban list like this:

[Image: auto ban login lockout message]

Make sure you have set your limit login attempts to notify you if someone was locked out (see below)

[Image: Limit Login Attempts settings. Caption: make sure you tick this box in Limit Login Attempts]

It adds :) to the end of emails where it hasn’t banned someone so you know it’s working properly without having to wait until someone gets banned!

Filed Under: Newsletter Tagged With: brute force, hack attack, limit login attempts, secure wordpress, wp ban