1. Morten Pedersen says:

    I have recently installed a plug-in called Better WP Security which has many of these features and much more. You can choose what to implement and it seems to be working just fine with my cache plug-in etc. So far I am very pleased with it.

  2. Saqib Razzaq says:

    Thank you so much for giving so many amazing tricks….Just downloaded Monitoring plugin…Loved your work.

  3. Twitter:
    Hi Andy,

    Very good tips. They are very common these problems: a weak password, the famous “admin” and no control of the attempts to login.

    I use Limit Login Attempts plugin on my sites and I try to set to limit the logins to the minimum.

    I’m using a new plugin Stealth Login to obscure the WP login form URL and later to redirect to a custom URL, making it hard for bots or hackers. I’d like to add to the equation, a Firewall plugin too.

    I didn’t have present threeWP Activity Monitor plugin will take a look.

    Also, I was banning directly on the host but this seems more practical, many thanks for the free plugin, I’ll try soon.

    Which is your opinion about multi-plugins like Wordfence Security or Bulletproof Security?


    Gera recently posted..50+ Restaurant WordPress Themes – Impress and Have More Customers

  4. Twitter:
    You’re awesome Andy! I know that lots of people would be astonished by how many login attempts are made by hackers trying to destroy their blogs.

    Thanks so much for this.

    Most of these are hilarious and I need to stop laughing long enough to install the plugin – cause if my site gets hacked it will be no laughing matter!!!
    Ileane recently posted..5 Incredible Ways To Increase Your Presence on Social Media

  5. Twitter:
    To block unwanted logins I use a plugin named login lockdown and it works great and for this purpose Wordfence plugin also works great.
    Arup recently posted..Spice Coolpad Mi 515 Specifications and Price

  6. Twitter:
    Good tips Andy but I use Better WP Security they recommend what needs to be changed and lots more only thing I wish it had was showing the passwords they tried with
    Osei Fortune recently posted..How to Optimize Your Website’s Server Resources

  7. Rahul Biswal says:

    Nice to see a new plugin WP ban, I will give it a try. For securing wordpress site another plugin Bullet proof Security is great

  8. seriously? people still don’t care about secure pass? Who would use 12345678 pass? I’m surprised)
    Evan recently posted..40 Best Metro Style themes for WordPress – Awesome Showcase

  9. Oh and how tired I am of the attacks! I actually had to turn off the email notifications because it was driving me crazy! I’m using Wordfence for security which has the same features and is a free plugin, however there is a premium version which allows more flexibility as well as blocking countries.

    It’s truly sad that people “trolls” have this much free time on their hands that they just feel the need to be malicious and wreak havoc on our sites.

    Thanks for sharing!

  10. Twitter:

    I face similar issues that the hackers trying one of my blog and there were over 20 log-in attempts a day for the past 2 days and limit log-in attempts saved my blog and I ban every IP.

    I highly recommend bloggers who use WordPress, must use ‘limit login attempts wordpress plug-in’

    Matthew recently posted..How Guest Blogging Helps Businesses Find Targeted Customers

  11. Twitter:
    Hi Andy,
    I have Better WP Security which also does limit login attempts
    What do you advise?
    Enstine Muki recently posted..Best source for your premium royalty-free stock photos ~ Depositphotos

    • Twitter:
      If you already have a way to limit login attempts and ban people that you’re happy with then stick with that.. the reason I use this is because I’ve used it a long time and it’s not misbehaved so I stick with what I know works!
      andy recently posted..CommentLuv Premium

  12. Twitter:
    Creating a strong password is so important. It’s a bummer that a lot of people continue to use basic, single words to protect even their most important accounts, like bank accounts. Find a complex password that only you will know. A good tip that I’ve been using for years is to create a sentence, then use the first letter of each word in the sentence as your password. It’s very difficult to overcome a password when it is a seemingly random series of letters. With more and more of our lives going online, staying secure is essential!

  13. Twitter:
    Great plugin and if it works with no hiccups with CommentLuv even better.

    Louis Sanchez recently posted..The power of Bing combined with social media and Kerli

  14. Thanks for these great tips! I’ve added this to my wp site, never thought about it before!

  15. Twitter:
    New blogs are the ones most prone to these types of hackers.
    I can hardly understand why someone chose one out of those 25 passwords.
    There are warnings from all around to have better security for all of your online accounts.
    Yogesh Pant recently posted..How to win any argument?

  16. Twitter:
    Hey there. Some really great tips. I was once attacked and my blog was hacked, from a team called as “Ayildiz Tim Navajo”. They attacked my social plugin and they had put a php atribg, and that overlapped my homepage and displayed their logo. That seemed horrible. So one should never use suspicious plugins. Attacks can be made from there too.

  17. Twitter:
    Hi Andy,

    Security of your blog is really essential. Nobody wants to spend lot of hard work and time & later on somebody waste all of your efforts. I think “ThreeWP Activity Monitor” plugin is really crucial one as it helps you to recognize spammers/hackers IP address which you can ban.
    Aasma recently posted..MLM Software in India

    • Twitter:
      Yes Aasma, I really like the activity monitor for showing me what passwords hackers are using and it is also helpful to track the IP of usernames because if the same username has many IP addresses then someone is sharing their account details and I can deactivate their account
      andy recently posted..CommentLuv Premium

  18. Alex Newell says:

    As well as taking Andy’s excellent advice remember to install a backup plugin or take backups weekly. If all else fails at least you can simply use your backup.
    I use WordPress Database Backup plugin.


  19. Twitter:
    I’ve been using the Limit Login plugin for some time and it works very well. I’m a little less lenient with those who try to login to my site. After 3 attempts, the IP is locked out for 3 days. Some of the bots, however, are able to change their IP as well so on and on it goes. I make sure that I have some unusual user names and never use admin.
    Gustav recently posted..Consolidate Student Loans

  20. Les Wallack says:

    I guess I could say that I’m relatively new to all of this blogging stuff and web site management. It’s very Bitter/Sweet. First, I’m overwhelmed with the staggering amount of dishonesty “out there” and on the other side of the coin, I am ever so grateful for your contributions to the world of Word Press and to bloggers in general. From you alone…I am learning a ton of great info! Thanks!!

  21. Twitter:
    Hi Andy,
    Great page filled with good useful info, thank you.

  22. Twitter:
    Hi Andy,

    Thank you very much for the post. Blog security is one of my main concerns. Now, I have something to say about this post:

    1. Change from admin to something else – already did it.
    2. Stupid passwords – It’s incredible how stupid those passwords are and how people are still using it.
    3. Limit login attempts – yes this is a plugin that deserves careful attention. Thanks.
    4. Watch what users do on your site: this is very important.
    One thing that happens to me and I cannot explain is the following: I occasionally got emails that tell me that a new user registered on my site. However, I have blocked any registration process, changed the passwords etc. When I look into my Dashboard … there is no new user. However I still got this type of message from time to time. Strange.
    5. Ban users – excellent idea.

    6. Free plugins to add to my site. Before adding any new plugin (and you are suggesting three more plugins !!), I want to ask you: How this new installation of THREE plugins will affect the loading speed of a normal blog.

    7. I must say that your Commentluv plugin is extraordinary, even in its free version. I grew tired of all that debate about who is better: Commentluv or Google+ comments and did an experiment with Commentluv. What I do know now is that Commentluv is an excellent tool that can bring you real traffic and engagement. What makes it even better is that you own your comments (this doesn’t happen in G+). So, from that moment on I started to promote your plugin on my blog, blog comments and social networks. You really did an extraordinary job for newbies. Thank you

    Have a nice day
    Silviu recently posted..Blog Commenting Results. Case Study 1

    • Twitter:
      Thanks for your comment Silviu!

      Regarding number 6 .. Plugins are what makes WordPress so great and so unique to each blogger.. If you’re scared of how they will affect your blog then you need to do your due diligence and test before and after and weigh up the costs vs benefits of any plugin.. The fractions of a second that the plugin adds to the loading time of your site is nothing compared to the time it would take to fix it after a hacker gets in and destroys your work or reputation!

      Really glad that you’re liking the CommentLuv plugin!
      andy recently posted..CommentLuv Premium

  23. I just installed all three of the plugins mentioned – keep your fingers crossed….. :D

  24. This is all very well but, what can be done about distributed attacks? You can’t rely on an IP address as the bot uses a different one for every login attempt. They look exactly like users …. we are looking at moving user logins off any WordPress site we have, and placing private support forums on shared servers where we won’t be by ourselves trying to stop increasing numbers of hacking attempts.

    • Twitter:
      Hi Liz,

      For distributed attacks, they really need server level tactics. The plugins here are for the attacks by single servers, scripts or users

      If you’re getting targeted by distributed attacks or bot nets then your hosting provider needs to get involved and implement some root level protection and hardening.

      As for moving to shared servers, my opinion there is that many times it can be worse because a server is only as strong as its weakest link.. If someone compromises the server at root level because of a careless users site configuration then you’re toast! Root level access means open access to every database table and file plus, shared servers IPs are known to have many easy targets so more likely to be targeted by amateur hackers and pros alike

      It’s a scary place out there on the interwebs! ;)
      andy recently posted..CommentLuv Premium
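
The gap raised in comment 24 and Andy's reply, shown as an added example (not code from the post, the commenters, or any of the plugins named): a per-IP lockout rule run over a constructed failed-login log, next to a per-username count of the same events. The log format, usernames, thresholds and function names are assumptions; the addresses are RFC 5737 documentation ranges.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed failed-login log in a hypothetical format (not any plugin's real
# output). Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2013-06-14T10:00:05 FAILED_LOGIN ip=203.0.113.5 user=admin
2013-06-14T10:00:09 FAILED_LOGIN ip=203.0.113.5 user=admin
2013-06-14T10:00:14 FAILED_LOGIN ip=203.0.113.5 user=admin
2013-06-14T10:00:20 FAILED_LOGIN ip=203.0.113.5 user=admin
2013-06-14T10:02:00 FAILED_LOGIN ip=192.0.2.10 user=alice
2013-06-14T10:05:00 FAILED_LOGIN ip=198.51.100.1 user=editor
2013-06-14T10:06:00 FAILED_LOGIN ip=198.51.100.2 user=editor
2013-06-14T10:07:00 FAILED_LOGIN ip=198.51.100.3 user=editor
2013-06-14T10:08:00 FAILED_LOGIN ip=198.51.100.4 user=editor
2013-06-14T10:09:00 FAILED_LOGIN ip=198.51.100.5 user=editor
2013-06-14T10:10:00 FAILED_LOGIN ip=198.51.100.6 user=editor
"""

LINE_RE = re.compile(r"^(\S+) FAILED_LOGIN ip=(\S+) user=(\S+)$")


def parse_log(text):
    """Return (timestamp, ip, username) tuples sorted by time."""
    events = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match is None:
            continue  # ignore anything that is not a failed-login record
        stamp, ip, user = match.groups()
        events.append((datetime.fromisoformat(stamp), ip, user))
    return sorted(events)


def peak_failures(events, field, window):
    """Largest number of failures per key inside any sliding window.

    field is 1 to group by source IP, 2 to group by username.
    """
    times_by_key = defaultdict(list)
    for event in events:
        times_by_key[event[field]].append(event[0])
    peaks = {}
    for key, times in times_by_key.items():
        start = 0
        best = 0
        for end, stamp in enumerate(times):
            while stamp - times[start] > window:
                start += 1  # drop failures older than the window
            best = max(best, end - start + 1)
        peaks[key] = best
    return peaks


def ips_locked_out(events, max_failures, window):
    """What a per-IP limiter bans: sources over max_failures in the window."""
    peaks = peak_failures(events, 1, window)
    return {ip for ip, count in peaks.items() if count > max_failures}


def usernames_under_attack(events, max_failures, window):
    """Accounts with too many failures overall, mapped to how many IPs took part."""
    peaks = peak_failures(events, 2, window)
    sources = defaultdict(set)
    for _, ip, user in events:
        sources[user].add(ip)
    return {user: len(sources[user])
            for user, count in peaks.items() if count > max_failures}


def unblocked_attack_sources(events, max_failures, window):
    """IPs that hit a flagged account yet stay under the per-IP limit."""
    locked = ips_locked_out(events, max_failures, window)
    hot = usernames_under_attack(events, max_failures, window)
    return sorted({ip for _, ip, user in events
                   if user in hot and ip not in locked})


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    window = timedelta(minutes=15)
    print("per-IP lockouts:      ", ips_locked_out(events, 3, window))
    print("accounts under attack:", usernames_under_attack(events, 3, window))
    print("sources never banned: ", unblocked_attack_sources(events, 3, window))
    # Locking the account instead of the IP has its own cost: anyone can keep
    # the real owner locked out, so the per-username count is better used for
    # alerting, a CAPTCHA, or a second factor than for a hard lock.
```
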

  25. Neeraj Rawat says:

    Hey Andy,

    There is another plugin that redirects or change the login URL for admin, I read somewhere in a WP secure post. Anyhow as of now I am not running any blog on WP, once I do a comeback would use this post and Commentluv Premium to secure my sites.

  26. Karen Swim says:

    Thanks for all the information you provide and the great work you do in helping us to be effective and safe! I had two of my sites hacked last weekend and I would urge everyone to be vigilant about security because yes it can happen to you. Thank you for the additional tips and plugins to defend against those nasty hackers.

  27. Twitter:
    Good security tips Andy. And kudos for providing the plugin. Too many of my clients use default admin and a not too very complex PW so this article will help me help them remedy this.
    Neil Ferree recently posted..Content Marketing with Authorship and DiY Process is the Perfect Storm

  28. Twitter:
    Thanks for these tips, Andy! I use Limit Login Attempts and max out the lockout period, effectively banning the IP without having to do anything else:
    1 allowed retries
    30 minutes lockout
    1 lockouts increase lockout time to 9999 hours
    9999 hours until retries are reset
    9,999 hours = 416 DAYS! A virtual ban, even if lockout time runs concurrently with the number of hours until retries are reset (I was never sure about the difference between the two. I think it matters more when you allow multiple retries.)

    Also, I would like to suggest to all your readers that, in addition to changing admin, you should NOT use your posting name as your UserName. Since WordPress does not allow you to change your UserName, this tip is more useful for new blogs: make UserName as difficult as possible and use RoboForm or LastPass to remember your login credentials. Your posting name is the Display Name, which is on your profile.


    Mitchell Allen recently posted..The Date

  29. Suresh Khanal says:

    Limit Login is the best option to stop brute-force attack. I’m using it and everyday I see a number of emails notifying the user is banned for certain time interval. You are true, most of the attempts are targeting ‘admin’ username.

    I did not know about threeWP Activity Monitor, it looks interesting to know vulnerable passwords!

  30. Maria Muir says:

    Hi Andy,

    I already had the WP Ban & Limit Log In Attempt, but I still get one IP still managing to bypass the ban, it has been banned 3 times. Any idea how this is happening and any suggestions on how to fix it? I installed the threeWP Activity Monitor yesterday and just checked the activity today. Quite shocking to say the least at the activity going on in my blog and I didn’t even have a clue. Thanks for sharing the information, very helpful.

  31. Bill Hamberg says:

    Hey Andy – you are correct, it’s a little freaky what goes on behind your website AND you would never know it without these plug-ins.

    On a side note, our site(s) have been hacked a few times even though we switched up admin credentials and have very strong passwords – still no idea how they got in?? – so we routinely are doing a Google site search (“”) on all our domains to make sure no one has dropped in any “male enhancement” code. (and why does it always seem to be those products??)

    • Twitter:
      There are other things that allow hackers in like vulnerable or out of date plugins and themes. The more complex a theme is, the more vectors a hacker has to try. Good idea on the google searches, I use google alerts for things like that so I get an email from google as soon as something appears
      andy recently posted..CommentLuv Premium

  32. Twitter:
    Ah, the password!…

    Tricky stuff, because many sites have rules, and we become a little book keeper of our own passwords, whether we want it or not.

    Hard to make one that fits everyone’s rules and that makes it hard.

    So it may be simply choosing our battles – make a strong password that you know for the important sites and a “momlovesme” password in the not important places.

    Then, we have to be careful what we share out there… ah, the catch 22, you must love it! :)

    Thanks again, Andy,
    Llyane recently posted..2nd Anniversary Special – Ends June 30th!

  33. Danielle Parsons says:

    Hello Andy,
    Hope you are getting along well. I have used LogIn Lockdown for a couple of years. I will use the 2 recommendations you made so I can use the new plugin you are offering us and install on all of my domains today!

    I must say that the CommentLuv Premium plugin that I got from you last year has helped me cut way down on spam comments. What I don’t understand is why people don’t have better things to do than try and come and spam my blogs.

    If you are trying to make a living with your blog on the internet, you need to brand yourself with your real name and select a gravatar image so your face appears by your name. Business online is all about trust and if you are anonymous, you will never create Know-Like-Trust!

    Is there anyway I can add the code that you have with the check box and comment about using real name and using a url generated by Comment Luv on my blogs? Do you plan on doing an updated version of the premium plugin and include that feature?

    • Twitter:
      Hi Danielle

      The message in gasp can be changed to whatever you want . You can even put your comment policy in it and use the checkbox as an “I agree to these terms” box

      I’m working on some stuff that will remove all links for a comment and author name if they don’t have a gravatar and other things.. Remove the back links and you remove the incentive to spam!

      Coming soon for CommentLuv premium users!
      andy recently posted..CommentLuv Premium

  34. Twitter:
    Just changed the username on my blog thanks for the reminder. :) I’d also add for anyone that changes users that you should also change the user_id in your database (phpmyadmin) otherwise the Gravatar image won’t show up any more on your old comments.

    The easiest way is to do a SQL find and replace in phpmyadmin by using this string…. UPDATE tablename SET tablefield = replace(tablefield, 'findstring', 'replacestring');

    So it would be.. UPDATE wp_comments SET user_id = replace(user_id, '1', '7') WHERE user_id = 1;
    where “1” is your old username id and “7” is your new username id
    Chris recently posted..Make Homemade Herbal Mouthwash for Better Health and Fresh Breath Too

  35. Twitter:
    Thank you. Never would have realized this was a problem.
    Carole recently posted..The importance of product reviews

  36. Twitter:
    Great post Andy and I logged in this morning only to find 102 hack attempts on my blog. Wednesday night while I was on my mastermind Google hangout I had 75 attempts within that one hour I was on with my group. What’s wrong with these people.

    I’ve been using Limited Login Attempts for awhile now and it’s my lifesaver. I don’t use a plug-in though to ban them, I put the IP’s in the Deny Manager on my server. Sure, it’s time consuming but it’s one less plug-in I need to have and they’ll never get a chance to come back.

    Luckily for me I don’t allow anyone access to my blog so the other plug-in is not something I would need but thanks for sharing it. I have a feeling some of my friends might find this handy.

    Thanks Andy for the tip and you enjoy your weekend. Hope all is going well with you, as well as can be expected that is.

    Adrienne recently posted..Thankful Thursday: SEO, Security, Pinging, Google Penalty & Social Media

  37. Twitter:
    Oh my God Andy, it seems you have enemies, ban their IP for life :D

    Best regards from I. C. Daniel
    I. C. Daniel recently posted..Grupper v 1.1 – Farming Simulator 2013

  38. Twitter:
    Thanks Andy for the kick in the butt I needed to get going on installing Limit Login Attempts. It’s now done! :)
    Suzanne recently posted..Financial Advisor Client Review Meetings: Make Them Better

  39. Twitter:
    Hi Andy – thanks very much for this. I have the Limited Login plugin and I’ve also recently installed Wordfence, which seems very good – I haven’t so far had huge numbers of IP addresses to ban so I’m happy to continue doing this manually for now, rather than installing another plugin, but I can see it would be useful for people who get tons of them. It’s depressing that we have to spend so much time dealing with website security – a real pain in the neck. Have these guys got nothing better to do with their time??

    Hope your MS is behaving itself, Andy – you sound pretty up-beat :)

    All good wishes,

    Sue Neal recently posted..Are Your Blog Posts Missing This Vital Ingredient?

    • Twitter:
      Hi Sue

      The auto ban thing is good once you start getting a lot of international traffic and attacks go up but as with all plugins, you have to decide if it’s worth it for your blog

      MS is going ok thanks, I have bad days now and then but thankfully they don’t dominate..
      andy recently posted..Submit Your Article

  40. Twitter:
    Thank you for the useful information. Andy do you mind telling us what plugin you use to create the scroll down popup. I have been looking for one but cannot find it. Thanks
    Hilgard recently posted..Christian Documentary Films

  41. Twitter:
    Thank you for this. These tips shared to protect us from hackers are very useful. Every now and then we get attacked by hackers. While people are working hard to have a successful blog, others are working hard to hack people’s blogs.
    Giving us this plugin for free is something that is worth commending. I hope it helps us from hackers. Thanks.

  42. Twitter:
    Hi Andy,

    I used WordFence and this one shows me how people try to log in my site. Also shows the FAKE Google crawl. And I block them all manually. So if I use Limit Login Attempts and WP Ban, will it complicate each other?

    Angela McCall recently posted..Top 4 High Paying Alternatives to Google Adsense

  43. Hey Andy,
    nice Idea to put the IP’s on a ban list, but what when some countries (TK-providers) use rotating IP’s like i.e. Germany, where you don’t have an own IP and instead get a new one every day ?
    This means, -and happened to me, that I get associated with an IP for a whole day, that’s banned somewhere, preventing me to access my own websites because some fraud protection on the server found me as banned – checking my actual IP told me that it was banned – so I spent hours with turning my router on and off until I managed to have a ‘good’ IP.

    Also an IP could have been used by a Proxy-Server used by a bot.
    As I saw lately, there are Traffic bots (simulating traffic for big G), that scrape hundreds Proxies to get different IP’s and they do it in no time – so probably the malicious bots can do the same, and so burn the used IP’s.

    For Website security I use the Bulletproof Plugin, which meanwhile has a basic Login Limiter included, I came to this Plugin 3 years ago, when one of my sites was hacked twice a week for a month – since that time I never had problems with hackers again.

    Just a few ‘different’ thoughts

    • Twitter:
      Thanks for your comment Andy, always good to have extra info

      For rotating IPs that change, at least the ban stops it for a day but it’s always a good idea to regularly clear the ban list. Once a few days or even less have passed where someone can’t access the site, that is usually enough to move em on to another ‘victim’
      andy recently posted..Submit Your Article

      • Hey Andy,
        so the ban list is only ‘internal’ ? and not sent to any other Database ?
        In my case I couldn’t explain my problems, googled my actual (home) IP – and was told it’s on a ban list because of Email-spamming and hacking – pbly the ‘cheap IP’s we get here’ are often like this or burnt through proxies ;) – my thought was, if they are sent to a Spam-Database they would be burnt for longer.

        Cheers Andy

  44. Hello there ! Nice article!
    I’m using WP security and it’s actually great and has all these features on it!
    Try it on!

    Artiffex recently posted..Μαγειρεύοντας το ρύζι

  45. Twitter:
    Angela, I use Wordfence and Limit Login together for a few months now and have no problems, if it clashes then try Login Lockdown. Andy what is your opinion on Login Lockdown?
    Hilgard recently posted..Your Word is a Light to My Path

  46. Twitter:
    Truth of the matter there are many plugins that help, but you really don’t want these attempts hitting your web host in the first place, this can cause load/drain on your web host and consume resources with all of these attempts, every time that PHP plugin has to run to detect/block it consumes resources on your hosting provider. This is why it is better to leave a cloud protection service to handle preventing all of this and my recommendation is Incapsula which is free for all but the biggest sites, it has much better security protection than Cloudflare and simply will never allow bots to even make it to your hosting provider at all, it will implement IP bans for repeat attempts, provide you full monitoring of all hack attempts.

    I found that my blog was getting attempts to inject malicious code in files named thumb.php and timthumb.php almost 40x per hour, various bots and rootkits were making attempts nearly every minute to compromise the site. So plugins are good as a 1st step in my opinion, but if you want to also consider performance/load on the site itself, then leverage Incapsula.

    However, always still rename your admin account, and put a Captcha on your login page.
    Justin Germino recently posted..Camtasia Studio 8.1 Now with Chroma Key and Logitech C920 Support

    • Twitter:
      well, if it’s a plugin or in fact, any include file that wordpress uses, then for sure it will cause load/drain on your site! if we didn’t want that, we’d all have to be using the same theme on the same platform

      plugins are why wordpress is so great, as with anything you do to modify or improve your site, it pays to use a teensy bit of common sense and not install every single one there is.. :)

      getting server level protection on attacks should be a hosting provider provided thing anyway, any host that doesn’t have measures in place to prevent script injections and other targeted baddy stuff isn’t worth hosting on!

      and yes! thumb.php and timthumb.php files are very very dangerous, they don’t even need to be in a plugin or theme that is active to become a threat so I’m not surprised that you get so many attempts to expose it Justin!

      thanks for the recommendation, I’ll give that a good look and see if it’s worth passing on to my readers..

      safe blogging!
      andy recently posted..CommentLuv Premium

  47. Most bots are likely looking for admin. But if someone really wanted in, they might assume that the author of all your posts is now the administrator id. I recommend doing what Andy said, but set up a new author user for all of your posts. You can still log in as the admin, and then simply set your posts to an author or editor user-id before making a post live.

  48. Twitter:
    LOL. I liked the way you depicted in the image. kiss me – No Hacker boy. It was really hilarious :D
    By the way many thanks for the 3 plugins. Gonna use them right now.
    Nitin Maurya recently posted..Almost Every Blogging Tool That A Blogger Needs

  49. oh..this is good. I will love to try this plugin for my blog.

  50. Twitter:
    Great post Andy,
    Along with some other plugins, I use Login Security Solutions and so far, this has been very effective. I will love to try threeWp Activity Monitor. It is really scary to know how very determined these hackers are!
    Lola Stoney A recently posted..Securing Your Blog:10 Basic WordPress Security Checks

  51. Twitter:
    This is really a great information you share we always try to use a common password and that is not good for us. We should always use uncommon and hard with some special character password.
    Jonathan recently posted..Mes objectifs

  52. Also, you can change your write permissions for key files. Also, change your ftp ports to less common ports.
    richescorner recently posted..Buying Gold in a Poor Market – Why is it Good for You?

  53. Twitter:

    Thank you for the tutorial.
    Mia Taylor recently posted..Unwarranted Concerns when Outsourcing Medical Transcription

  54. Great advice, someone told me a few days ago that 60 login attempts had been made on his site in one day alone!

  55. Twitter:
    I installed Better WP Security on my blogs when my web host informed us of the attacks on WordPress sites a few months back. On my community blog I was getting up to 200 bad login attempts per day and I shut down user registration for fear of being hacked.

    I think I will try ThreeWP Activity Monitor as I do want to encourage guest blogging on that particular site. Thanks for an informative post.
    Pasha OConnor recently posted..Facebook adds support for clickable hashtags

    • Twitter:
      it is scary to see the bad login attempts! but even if you switch off registration, they will still try to get access to the admin account so it’s a good idea to still ban the repeated offenders.

      I think you will like threeWP!
      andy recently posted..CommentLuv Premium

  56. Twitter:
    Using combination of alphabet and digit can as well prevent one account more secure
    adesanmi adedotun recently posted..One great fact why you must start a blog

  57. Twitter:
    I am so sick of these hackers. I have a plugin where I get an email for every time they access my login screen. Now I have it set so they have one try to log in, if they get it wrong that IP is blocked. It’s too bad they have hundreds of IP’s. I go through my email and individually block each one at the end of the day, I have blocked every IP in China and hundreds of others from all over the world. Since I set the lock out to 1 bad login attempt they have almost stopped. What a pain those people are!
    Dub recently posted..Fishing Photography Tips, How to Make your Trout Look HUGE

  58. Twitter:
    I’ve just installed limit-login-attempts on all my sites. I thought it was overkill until I looked at the list of failed attempts. Even a site that has almost no content (I use it to test out some Thesis features) has a log attempt list that stretches down the page – and after just one day.

    Possibly the best post on the web since the dawn of time. ;-)
    David Bennett recently posted..Painlessly Remove Post Revisions From Your WordPress Database

  59. Twitter:
    Limiting login attempts is a very good idea to keep your site safe from hackers or other filthy minds. Thanks for sharing these plugin info.
    Raj recently posted..Download BlueStacks App Player for Windows | BlueStacks Android Emulator Download

  60. Twitter:
    hummmm… this is good information Andy!

    Thank You for keeping us informed :)
    Vineet Gupta recently posted..How A Common Man Can Become Rich ?

  61. Twitter:
    Sure dude these are the best methods to secure your blog from evil looks and keep it protected from any harm.
    himanshu recently posted..How to download Youtube videos without any software

  62. Twitter:
    Thanks for sharing such a great number of ways by which we can secure our WordPress blog easily. I really like your tricks about to change the account type administrator to something else. That’s a really handy thing because all brute force attack are meant for administrator privileges.
    Muneeb Ahsan recently posted..How to hide your friends list from your Facebook profile?

  63. raman bathina says:

    As compared with blogger WordPress have less security because blogger is maintained by world no 1 search engine Google and another reason for hacking WordPress passwords is nowadays most of the bloggers use WordPress for effective blogging that’s why hackers target WordPress users. These list of precautions are very useful for every WordPress user.

  64. Actually as a beginner I find it pretty tough to manage a wordpress site. So I switched to blogger.
    Now that I got some hope on wordpress by reading this article.
    Thanks for your tips

  65. Twitter:
    Hi Andy..
    It will be hard to handle the security for a great site like comluv. Not like my blog, I use WordPress Firewall plugin, Login lock down and a plugin to hide admin login page. I don’t know whether these plugins work or not, but I think my blog is still safe :)
    Uphy recently posted: Cara Menggunakan Hashtag di Status Facebook

  66. Thanks Andy, I never knew about ThreeWP monitor plugin.
    I hope it will secure my blog with guest post option
    Kushal Azza recently posted: Paypal account pay and receive through Indian Bank Account

  67. Mariska Bone says:

    Good tips Andy, but I use Better WP Security. They recommend what needs to be changed and lots more. The only thing I wish it had was showing the passwords they tried with.

  68. Thanks Bro..!!
    I just installed the plugin & it’s working very nicely. I think it will secure my wp-admin folder.
    Thanks again :)

  69. Twitter:
    Limit login access is a very, very important plugin to stay safe from DDOS attacks and mass login attempts
    Gautham Lurk recently posted: Akinator the Genie Game Review

  70. Twitter:
    Nice giveaways Andy. We must set our administrative password so strong that no one could guess it. We should also make use of WordPress plugins to avoid any such incidence.
    raj recently posted: Nimbuzz for PC Download | Nimbuzz Para PC | Nimbuzz for Windows 7/8/Vista/ Computer

  71. One of my sites got hacked last year. It was quite a pain to clean all the link crap and you tend to take it personal, which is not the case of course. Then a couple of months ago the brute force attempts started on the wp-login and flooded my server. Lessons learned!

    I now use security plugins on all my wp sites and have a few other measures in place. Wordfence security and better WP security are my favorites.

  72. Hi, thank you for this article, I like the plugin to watch users’ activity on my site. It’s very simple and useful. I have been hacked two times and I’m afraid to lose my site

  73. Jim Griffen says:

    I believe the best solution is a good complicated password that only you may know. Happy1234 is not one of them.

    Novel remodeling uses only complicated passwords to secure our information and protect our customers

  74. Andrew Collins says:

    Best security is captcha i think. They are so annoying to deal with :)

  75. Twitter:
    what a nice content Andy…
    I thoroughly read the post and installed many of the plugins you mentioned, for avoiding some mischief ..
    champ recently posted: Ultrabook Review – What is an Ultrabook? Basic Idea Behind Ultrabooks

  76. I like the idea of the plugin that shows you what password is being tried! I suppose I’ll give that one a shot. :) I use Better WP Security, and I really like it and what it does. It shows me failed login attempts, username attempts and changed files. I’ve also set it to block IPs of hackers from a hacker list. If it weren’t so bulky, however, I’d like it more. But it does a lot that it needs to, otherwise I’d switch to the Limit Logins plugin you suggested. :)

  77. reetika gupta says:

    Hello Andy,
    Nice info Andy. Really, I never thought about it, and I never knew about ThreeWP monitor plugin.
    And I hope it will secure my blog with guest post, and I must say thanks to you for this post.

  78. Twitter:
    I am really new to blogging and after getting our blog set up have been looking into backup and security options. We chose Wordfence which is one of the plugins that does multiple security things based on some recommendations from the WordPress developer community forum. Do you have any thoughts on this plugin or these types of plugins?

    BTW, thanks for posting the top 25 login passwords….says something about our society I think. As a psychologist, I found that information interesting.
    Jessica recently posted: Travel Research: Are Travel Guidebooks Still Useful in the Digital Age?

  79. Twitter:
    It’s great. These plugins are very useful to protect from unwanted activities.
    Thank you for sharing with us … :)
    Nikhil recently posted: Why Self Hosted WordPress Platform Is Best For Blogging

  80. Twitter:

    These are nice and great plugins and your tips were amazing but I think something like firewall should also be installed to prevent hackers using other kind of techniques.
    Hamza Ahmad recently posted: Best WordPress Security Plugins With Ratings And Reviews (InfoGraphic)

  81. The best solution to a hacked account is to have your backup ready. If you do have your backups, or your hosting provider offers the service, you can get back in a few minutes / hours.

  82. Great post….a few months ago I installed security plugin on my site and I’m glad I did. A few weeks ago someone tried to hack my site by guessing the password….luckily I have it set to block IP’s after 4 attempts…If you have a wordpress site, some sort of security software is a MUST! You will get hacked if you don’t…not a matter of if, but when.

  83. Recently, I installed Wordfence which seems very good. These tips shared to protect our blogs from hackers is very useful. Thanks for the plugins

  84. Twitter:
    Thank you for sharing this with everyone. I’m tackling this issue as my next project. Excellent article with easy to follow instructions. Andy, I have mad respect for the work you do. And hello (because it’s been a while since we’ve connected).
    thatgirlisfunny recently posted: Respect Yourself! Take Risks, Be Curious

  85. This post was very helpful. I created my blog last week and luckily I researched how people could potentially hack your wordpress blog. I made sure to install this plugin right after I got my website up.

    I also have a plugin to weekly backup my site!
    Thanks for the great post, very easy to understand.

  86. Flávio Rodrigues says:

    Good post, always follow them,
    Unfortunately the security problem is very bad and i still see people creating passwords like this, very easy to find. Some up to use the dog’s name or your birth date.

  87. I heard WordPress plain installation is very vulnerable to hacker’s attack. And I think Limit Login Attempts plugin would work fine against brute force attack. Nice share!

  88. I’m using Better WP Security. And it’s more than enough. There’s nothing to worry about anymore.

  89. Twitter:
    Thanks Andy,
    Creating a secure WordPress site is always the better option. You really add up to my knowledge :)
    Harman recently posted: Micromax Canvas Fun A76 Specification – Features and Price

  90. Twitter:
    Thanks, I just installed all three plugins on my site. Your automated systems just let me know that my links will not show up here, at least not until I will make more comments or what? lol

    However I use comment luv for few years now and for this I will say thank you.
    Christian recently posted: This New Type Of Fiverr Alternative Promotion Has Never Been Revealed To The Public Until Now

  91. Twitter:
    Thanks for this info. I hate it when you see that login attempt email, scares the heck out of me.
    Drew Tracy recently posted: Green River Dive Knife – The Commercial Divers Best Friend

  92. Hi Andy, I must say thank you. The way WordPress sites are being threatened is alarming, this tool will do well with the protection WP sites.
    Emmanuel Obarhua recently posted: What is MBA – a Detailed but Simple Definition

  93. Twitter:
    I just set all my sites the same like you say and am amazed about how many attempts lol, you are absolutely right.

    I use a very unusual wp theme, very fast and I wonder all plugins do not decrease my speed – good work thanks here the site
    Christian recently posted: Simple Video Marketing For Fiverr Alternatives – GigLoads Tutorials

  94. Twitter:
    I am back again. Do you have any idea why I received this error: Missing argument 2 for limit_login_track_credentials() in /home/flextoh/public_html/wp-content/plugins/limit-login-attempts/limit-login-attempts.php on line 769

    And I can’t access the site.

    Thx in advance.
    Christian recently posted: Simple Video Marketing For Fiverr Alternatives – GigLoads Tutorials

  95. Lennon Ruggier says:

    I’m a webmaster and I can confirm that people do use those common passwords a lot. People don’t seem to take online security as seriously as they should. Please people, use a good password or you will get hacked!

  96. Munem Qureshi says:

    I am a blogger and I have been hacked once, and the reason was use of a normal password which we use in our daily life … I would recommend people to use strong passwords and use these types of plugins for the add-on security. Anyway, nice article …

  97. Limit Login is one of my favorite WordPress security plugins. I have been using it for the last couple of months, but believe me it is also vulnerable to many sorts of attacks.

    Recently, I was meeting a security researcher in the local area, and we started discussing how to secure a server, as well as how to secure WordPress.

    He told me only one thing! He said, if you don’t know coding then avoid installing plugins. The more plugins you install the more you allow hackers to get under your skin. Furthermore, if one thing stops them from accessing, the other thing allows them to take control.

    Limit Login is awesome, as it prevents Brute Force attacks.

  98. Hi Andy,
    First of all, thanks for telling us about this great and essential plugin info. Nowadays anyone can be the victim of hacking and may lose the whole labor that he/she had done on his/her blog, so I think every blogger must install this plugin to their WordPress.

  99. Twitter:
    Hello Andy.
    Although it looks simple, but very important.
    so, thank you so much for giving tips that means for us. Great info.
    nugroho recently posted: Cara Cepat Tambah Tinggi Badan dalam 3 Bulan

  100. Sneha Malik says:

    Is Bullet Proof Security WordPress Plugin good for security purposes? Please tell me, can I use this one, because my friend is using that plugin and suggested it to me also.

    Sneha Malik

  101. Twitter:
    Thanks for the share. I also agree with you on weak password. This is the greatest mistake you can make to usher in a hacker. ~ Anetta
    Anetta Bursh recently posted: Download BlueStacks for Windows 7/8 & MAC PC (Offline Installer)

  102. Twitter:
    Amazing post, lol I learned so much about. WP Security said that a hacker will need 1232354 days to break my password huh :D I have done almost everything written in this article.. So thanks once again Andy :)
    Hristiqn Nikolov recently posted: 15 Amazing Paulo Coelho Quotes That will Change Your Life

  103. Neil Swainston says:

    I have been using the Limit Login Attempts plugin for a while and it is amazing how many attempts are made to hack into my websites. The WP Ban plugin will be a big help and your plugin to automate it will also help as I block the hackers’ IP address manually. Thanks for the free plugin Andy, I always read your helpful comments.

  104. Twitter:
    Go for it Guys, Its WOW!
    The plugin is very comprehensive and is a powerful blow to hackers.
    I have built many WordPress sites and after trying many different solutions, I can honestly say there is no one better than the “Limit login attempts”. When you consider the extreme security, quality and overhaul, LLA is Countless.
    Absolutely outstanding work Andy! :)
    Chetan recently posted: Home Sweet Home – Destination Kandivali

  105. Twitter:
    Hi Andy,

    I wish I could have read this blog before, because once my blog was hacked and I restored my site using my backup. Thanks for sharing Andy
    diwaker recently posted: Lenovo Yoga Tablet

  106. Twitter:
    Thanks for these wonderful plugins. I salute you for your generosity and kindness, indeed you’re a true leader who is ready to help many. The plugins you share will go a long way in helping us fight hackers.
    oladayo ojekunle recently posted: How to do keyword Research

  107. Twitter:
    This is of great help for everyone Andy. Thank you for sharing with us these plugins. Hope this would blow off hackers :)
    Jessica Parker recently posted: Move towards Healthcare for Angel Investments

  108. I think with all the security and precautions, everything can be hacked. But it’s a good practice to keep oneself as safe as possible. I think installing amateur plugins in WordPress is one of the major reasons of vulnerabilities in WordPress causing huge catastrophes.
    Irfan Elahi recently posted: Upper Jackets & Hoodies for Men & Females in Lahore Pakistan

  109. Andrea Callahan says:

    Thank you so much for this plugin. Managing a business AND fighting off Hackers is too much! It becomes overwhelming.

  110. Twitter:
    Thank you for such a great informative article. I agree that weak passwords are not good for a fight with a hacker, and the limit login plugin weapon for protection is great ..
    Sajjad Hussain recently posted: AMD’s New Kaveri APUs Lineup for 2014

  111. Twitter:
    Very Informative article. wp3 activity monitor and limit login Attempts are very useful plugins. Thanks for the tips bro.
    Anirudh Anand recently posted: Microsoft’s Security Intelligence report warns alarming rise of Trojans and Worms !

  112. Jacob Golan says:

    These plugins are a lifesaver is spammers give that put a bad taste in your mouth. These plugs is what punch spammers in the face and knock them out for the count.

  113. Twitter:
    Some helpful advice Andy – I’ve not heard of the “Limit Login Attempts” plugin before, going to check that out for sure. Also I can’t believe people still use passwords like 1234567 and password .. lol. For me, I use the LastPass toolbar plugin to keep all of my random passwords in one place and secure, it works like a charm!
    Mark recently posted: What Are The Best Ceramic Knives?

  114. Twitter:
    Thanks for the nice information.

    I think BulletProof Security is really a great Plugin to secure WP from hackers.
    Swarup recently posted: 13 Killer Tips to Save Battery Life of your Smartphone

  115. I’ve been suffering from spammers and hackers on my sites over the years. Substantial loss of sleep and revenue. Any products as good as this one need to be promoted. Keep up the good work in this area…..! It is much appreciated.

  116. Twitter:
    I am getting hit on several of my sites and like you I can see them trying. Thanks so much for suggesting the plug in to limit log in attempts. I am heading over right now to see if I can find and install it.
    Robert Fowler recently posted: Mixing Work and Travel during Retirement
