Scary picture!
I get this quite often… sort of scary huh?
It really is amazing how many times my site gets bombarded by a bot trying to guess passwords to my account.
There are a few things you MUST do to secure WordPress from hackers. Here’s a quick and dirty list (keep reading below for a free plugin I made to help with this).
- Change your administrator account from admin to something else

You need to do this because the vast majority of hack attacks and brute force password attacks target the admin account; if you remove it, you stop the attack before it can happen. It’s easy to do, just follow these steps:

- create a new account with your chosen username
- set the account as administrator (check first to make sure you can log in and do administrator-privilege things)
- always always ALWAYS choose a password that you would not find in a dictionary, preferably with &*^ special characters
- delete the admin account and set all posts to be by the new account you created
- Choose a good password

And by “good password” I mean one that is not in a dictionary! Please make sure it’s at least 8 characters (9 is better) and it uses numbers and/or special characters like *^$
And for gawds sake, don’t use the same password on your WordPress account as you do on other people’s sites where you have joined! (Some dodgy admins monitor them and try them on your gmail or yahoo account.) Here’s a list of the 25 most popular passwords, make sure you’re not using one of them!

- password
- 123456
- 12345678
- 1234
- qwerty
- 12345
- dragon
- pussy
- baseball
- football
- letmein
- monkey
- 696969
- abc123
- mustang
- michael
- shadow
- master
- jennifer
- 111111
- 2000
- jordan
- superman
- harley
- 1234567
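As an added example (my own code, not anything from this post), here is a small PHP check that encodes the rules above: reject the 25 passwords in the list, or a dictionary word with a few digits or symbols tacked on the end; reject anything shorter than 8 characters; and reject anything with no numbers or special characters. It is then hooked into the WordPress profile screen so a weak password cannot be saved. The constant and function names are mine; `user_profile_update_errors` and the `pass1` field are the real WordPress hook and form field.

```php
<?php
// Added example: password checks based on the rules in the post.
// Not part of any plugin mentioned in the post.

// The 25 most common passwords, exactly as listed in the post.
const COMMON_PASSWORDS = [
    'password', '123456', '12345678', '1234', 'qwerty', '12345', 'dragon',
    'pussy', 'baseball', 'football', 'letmein', 'monkey', '696969', 'abc123',
    'mustang', 'michael', 'shadow', 'master', 'jennifer', '111111', '2000',
    'jordan', 'superman', 'harley', '1234567',
];

/**
 * Returns a list of reasons the password is weak. An empty array means it passes.
 */
function password_problems(string $password): array {
    $problems = [];
    $lower = strtolower($password);

    // "password1" or "monkey!" is still a dictionary word: strip trailing
    // digits and common symbols before comparing against the list.
    $stem = rtrim($lower, '0123456789!@#$%^&*');
    if (in_array($lower, COMMON_PASSWORDS, true) || in_array($stem, COMMON_PASSWORDS, true)) {
        $problems[] = 'is (or is based on) one of the most common passwords';
    }

    // The post asks for at least 8 characters (9 is better).
    if (strlen($password) < 8) {
        $problems[] = 'is shorter than 8 characters';
    }

    // The post asks for numbers and/or special characters.
    if (!preg_match('/[0-9]/', $password) && !preg_match('/[^A-Za-z0-9]/', $password)) {
        $problems[] = 'contains no numbers or special characters';
    }

    return $problems;
}

// Block weak passwords on the WordPress profile / add-user screens.
// 'pass1' is the new-password field WordPress posts from those forms.
add_action('user_profile_update_errors', function ($errors, $update, $user) {
    if (empty($_POST['pass1'])) {
        return; // no password change submitted
    }
    foreach (password_problems((string) $_POST['pass1']) as $why) {
        $errors->add('weak_password', 'Password ' . $why . '.');
    }
}, 10, 3);
```

`password_problems('Monkey123')` returns the "common password" reason because the stem `monkey` is on the list, while `password_problems('c0rrect-H0rse')` returns an empty array. Drop the file into a small must-use plugin (`wp-content/mu-plugins/`) and the profile screen will refuse to save a password that fails any rule.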
- Limit login attempts

I’ve been doing this for quite a while. A normal user may try 4 or 5 times to log in before they request a reset; there’s no way that someone would try 100 times, so make sure you limit the amount of times someone can try before locking them out for a certain amount of time. Here’s a free plugin that I use to limit the amount of login attempts: Limit Login Attempts plugin
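To show what the lockout logic above actually looks like inside WordPress, here is an added example of my own (it is not the Limit Login Attempts plugin): failed logins are counted per IP in a transient, and once the count reaches the limit the `authenticate` filter returns an error for a fixed period, even if the next guess is correct. The limit of 5 follows the post’s “4 or 5 tries” remark; the 20-minute lockout and the constant and function names are my assumptions. `wp_login_failed`, `authenticate`, `wp_login`, `set_transient`/`get_transient` and `WP_Error` are real WordPress APIs.

```php
<?php
// Added example: lock an IP out after too many failed logins.
// Not the Limit Login Attempts plugin; a minimal illustration of the idea.

const MAX_ATTEMPTS    = 5;    // a real user needs 4 or 5 tries at most
const LOCKOUT_SECONDS = 1200; // 20 minutes (assumed value)

// Transient key for the visitor's IP. Behind a reverse proxy you would
// need to read the forwarded address instead of REMOTE_ADDR.
function lockout_key(): string {
    $ip = $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0';
    return 'login_attempts_' . md5($ip);
}

function failed_attempts(): int {
    return (int) get_transient(lockout_key());
}

function is_locked_out(): bool {
    return failed_attempts() >= MAX_ATTEMPTS;
}

// Count every wrong username/password. Each failure renews the expiry,
// so an attacker who keeps hammering stays locked out.
add_action('wp_login_failed', function () {
    set_transient(lockout_key(), failed_attempts() + 1, LOCKOUT_SECONDS);
});

// Priority 30 runs after WordPress's own username/password check (20),
// so the lockout error overrides even a correct guess.
add_filter('authenticate', function ($user, $username, $password) {
    if (is_locked_out()) {
        return new WP_Error(
            'too_many_attempts',
            sprintf('Too many failed logins. Try again in %d minutes.', LOCKOUT_SECONDS / 60)
        );
    }
    return $user;
}, 30, 3);

// A successful login clears the counter for that IP.
add_action('wp_login', function () {
    delete_transient(lockout_key());
});
```

Because `wp_login_failed` also fires for the lockout error itself, every attempt during the lockout extends it by another 20 minutes; that is intentional here, and it is also why you want a notification email (the post’s next step) rather than a silent counter.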
- Watch what users do on your site

By this, I mean keep an eye on user activity if you allow people to register on your site. There’s a really useful plugin for this called threeWP Activity Monitor which I’ve been using for some time because it can also be filtered to allow recording of other things like downloading files (useful to see if someone downloaded CommentLuv from the members site!). It will also record attempts to log in. OMG you will get scared when you see how many attempts are made to your admin account! See this
You might want to see the passwords that hackers are using so you can make sure you don’t use them for your accounts! That’ll help to secure WordPress and other sites you have.
- Ban users who repeatedly try wrong passwords

There’s another free plugin that I use to ban users who have attempted too many logins (or any amount of logins to ‘admin’). It’s called WP Ban and it’s helpful to make sure newbie hackers don’t come back (it’s also useful for banning trolls from your site).
It’s probably a good idea to clear out the ban list now and then so you don’t compromise the performance of your site, since every visitor gets checked against every IP on your ban list. See below for how to automate this with a free plugin I made.
There are some other things that you can do to secure WordPress; Regina Smola has some on her post “WordPress Security and Comments (3 Mistakes Blog Owners Make)”
Free plugin to secure your WordPress site
I got tired of doing it manually when I received a notification email so I made a plugin to automatically add someone to the ban list if they attempt to log in too many times with the wrong password.
It requires you to have Limit Login Attempts and WP Ban, so make sure you install them and configure them first.
What it does is monitor any emails that your site sends, and when it detects one from the Limit Login Attempts plugin notifying you of a user being locked out, it automatically adds them to the ban list like this
Make sure you have set Limit Login Attempts to notify you if someone was locked out (see below)
It adds a note to the end of emails where it hasn’t banned someone, so you know it’s working properly without having to wait until someone gets banned!
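The auto-ban idea described above, plus the periodic clean-out of the ban list from the WP Ban section, as an added example written by me (it is a sketch of the approach, not the author’s plugin or the WP Ban / Limit Login Attempts code). It hooks WordPress’s real `wp_mail` filter, which sees every email the site sends, picks out the lockout notification, pulls the IP out of the body, appends it to the ban list, and writes a short note at the end of the email either way. Assumptions, labelled in the code: the lockout email’s subject contains “Too many failed login attempts” and its body contains a line of the form `IP: 203.0.113.5`; WP Ban keeps its banned IPs in the `ban_ip` option as an array of strings; the 30-day retention and all option, hook and function names are mine.

```php
<?php
// Added example: ban an IP when Limit Login Attempts emails a lockout notice,
// and prune old bans daily. My own sketch, not the post author's plugin.

// ASSUMPTION: the lockout notification looks like this.
const LOCKOUT_SUBJECT_MARKER = 'Too many failed login attempts';
const LOCKOUT_IP_PATTERN     = '/IP:\s*(\d{1,3}(?:\.\d{1,3}){3})/';
// ASSUMPTION: WP Ban stores its list in this option as an array of IP strings.
const WPBAN_OPTION = 'ban_ip';
// Own bookkeeping option and retention period (assumed values).
const ADDED_AT_OPTION = 'autoban_added_at';
const BAN_DAYS        = 30;

// Pull the offending IPv4 address out of the email body, or null if absent.
function extract_lockout_ip(string $body): ?string {
    if (preg_match(LOCKOUT_IP_PATTERN, $body, $m)
        && filter_var($m[1], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
        return $m[1];
    }
    return null;
}

// Append the IP to WP Ban's list. Returns false if it was already there.
function add_to_ban_list(string $ip): bool {
    $banned = get_option(WPBAN_OPTION, []);
    if (!is_array($banned)) {
        $banned = [];
    }
    if (in_array($ip, $banned, true)) {
        return false;
    }
    $banned[] = $ip;
    update_option(WPBAN_OPTION, $banned);

    // Remember when we added it so the daily prune can expire it later.
    $added = get_option(ADDED_AT_OPTION, []);
    $added[$ip] = time();
    update_option(ADDED_AT_OPTION, $added);
    return true;
}

// Every outgoing email passes through here; only lockout notices are acted on.
add_filter('wp_mail', function (array $args): array {
    if (strpos($args['subject'] ?? '', LOCKOUT_SUBJECT_MARKER) === false) {
        return $args;
    }
    $ip = extract_lockout_ip($args['message'] ?? '');
    if ($ip === null) {
        $args['message'] .= "\n\n[autoban] no IP found in this notice, nothing banned.";
        return $args;
    }
    $args['message'] .= add_to_ban_list($ip)
        ? "\n\n[autoban] $ip added to the WP Ban list."
        : "\n\n[autoban] $ip was already on the WP Ban list.";
    return $args;
});

// Drop bans older than BAN_DAYS so the list every visitor is checked
// against stays short.
function prune_old_bans(): int {
    $added  = get_option(ADDED_AT_OPTION, []);
    $banned = get_option(WPBAN_OPTION, []);
    $cutoff = time() - BAN_DAYS * DAY_IN_SECONDS;
    $removed = 0;
    foreach ($added as $ip => $timestamp) {
        if ($timestamp < $cutoff) {
            unset($added[$ip]);
            $banned = array_values(array_diff((array) $banned, [$ip]));
            $removed++;
        }
    }
    update_option(ADDED_AT_OPTION, $added);
    update_option(WPBAN_OPTION, $banned);
    return $removed;
}

add_action('autoban_prune', 'prune_old_bans');
add_action('init', function () {
    if (!wp_next_scheduled('autoban_prune')) {
        wp_schedule_event(time(), 'daily', 'autoban_prune');
    }
});
```

Only IPs this code added are ever pruned; anything you banned by hand in WP Ban is left alone, because it has no entry in the `autoban_added_at` bookkeeping option. If WP Ban stores its list under a different option name than assumed here, change `WPBAN_OPTION` and the rest works unchanged.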