How to secure your WordPress Blog from Brute Force attacks?

Securing WordPress Site from Hacking Attempts

A major concern for most WordPress users is the safety of their sites. WordPress is a much-liked platform for blogging as it is SEO friendly. However, WordPress sites are also more vulnerable to hacker attacks. No matter how much effort you have put into securing your site, there are evil guys around waiting to steal it. These guys are masters of their trade. They are so smart that an ordinary blogger may not even realise that the site has been hacked. As the popular saying goes, prevention is better than cure. Rather than putting your sites at risk and then spending time and money recovering them, it’s worth putting in some effort to ensure the security of your sites.

Over 30,000 WordPress sites have already been hacked and taken over by the bad guys. The hackers may use these sites to send spam emails, crash servers, make money, plant further viruses and much more. For the past one month or so, brute force attacks have increased to a considerable extent. Thousands of bloggers have lost their sites, had their personal details compromised and even lost their hosting accounts. Just because you have not been hit does not mean that you are safe. Even if you manage to survive the hacking attempts, you may still end up paying an extra traffic bill to your hosting company because of the attackers' numerous attempts to break into your website or blog. Though you may not be able to make your WordPress sites 100% hacker proof, you can certainly reduce the chances of the sites getting hacked. This can be done by hiding the WordPress installation from hackers.

My first WordPress site got hacked and some malicious code was installed by the hackers within 3 months of starting it. One day I found my hosting account suspended and I could not log in to my site. When I contacted the hosting company, they treated me as if I were some criminal. However, they helped me recover my domain to the starting state, but all my data was lost. I had written over 90 blog posts and did not have any backup. The hosting company further warned me that in the event of it happening again, I would lose the hosting account. I never felt so insulted in my whole life and decided that I needed to take steps to secure my domains. I read all the stuff I could get on WordPress security and even got many premium plugins to protect my blogs. My efforts paid off, and I managed to reduce the internet footprints to prevent brute force attacks from hackers. The hackers are a smart lot and may come up with new ways of breaking into sites, so it is worth taking precautions to stop them in their tracks. If you have an online empire of WordPress sites or manage WordPress-based client sites, you need to take steps to protect your sites.

WordPress Blog Security Plugins and Tips

How to protect your WordPress Site from Hackers?

Do you want to secure your WordPress sites from hackers? Given below are some steps you can take to ensure the security of your sites.

  1. Keep your Computer clean: It is advisable that you have a private connection. Try not to access your site from public computers. Make sure you run a virus scan on your own computer to ensure that it is clean at all times. Most hackers try to infect your computer with malicious viruses first. I advise a combination of Kaspersky Internet Security and Malwarebytes Anti-malware PRO version.
  2. Reliable Web Hosting: Get the hosting account for your WordPress sites from reliable hosting companies like Blue Host.
  3. Have strong user names and passwords: Your password and user name should be a combination of capital letters, small letters, numbers and symbols. Avoid user names like Admin, user, 1, administrator and manager, which are quite easy to guess. If you happen to have such a user name, you can add a new secure user with a strong password and user name and then delete the old user. For this, under Users in your admin panel, click on Add a new user. Make sure that the user name and password each comprise at least 8 characters and use a combination of upper and lowercase letters, numbers and symbols. Give admin rights to this new user. Now log out of your admin panel and log in as the new user. Go to the Users section and delete the old user. However, make sure that you remember your new login details. Also avoid passwords like password and 12345.
  4. Themes: Use the free themes hosted by WordPress or premium themes from reputed theme makers like Catch Themes or Woo Themes. Delete the unused themes from the theme area.
  5. Add WordPress Security Plugins: WordPress security plugins can add an extra layer of protection to your sites. Some of the best plugins you can use to secure your sites are Bulletproof Security, Better WP Security, secure Wordpress, Sucuri Site check malware scanner, Wp security scan, Login lockdown, Ask Apache Password protect and WP- brute force. The Pro or Premium versions of these plugins offer better security from hackers, so I advise you to spend money on them. We spend so much money to protect our physical assets by investing in lockers, security personnel and security devices. Why not get the best protection for our virtual real estate? Just adding the plugins is not enough; activate them and configure them correctly. However, keep checking your sites as you make changes, as some changes may break the site. It is advisable to install these plugins at the time of WordPress installation itself. If it is an existing site, make sure you do a backup before configuring the plugins, as some changes may not be compatible with your WordPress theme, the plugins you use or your server configuration. Configuring the plugins is quite a tedious task. If you need assistance configuring, I would happily do it at a reasonable price.
  6. Change File Permissions: Use the FileZilla FTP software to access your site and change the permission of the .htaccess, wp-blog-header.php, wp-config.php and index.php files to 404. Also change wp-admin and wp-content to permission 705. However, make sure you refresh the site every time a change is made to ensure that it is not broken. Now delete readme.html from the Public HTML folder. Next go to wp-Config folder and delete install.php and install-helper.php.
  7. Keep your Wordpress updated: Make sure you keep your Wordpress version, plugins and themes updated at all times. Also try to limit the number of plugins. Also make sure that you back up the site regularly so that you have the data to restore your site if needed. You may use WP Online Backup, Vault Press, Backup Buddy or WP DB Backup for this purpose.
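
A read-only audit of step 6, added here as an example (it is not code from this article or from any plugin it names): it compares each listed file and folder with the permission values given in that step and reports any of the files the step says to delete. It assumes a POSIX host with shell access to the site root; `audit` and its constants are names chosen for this example, and the files to delete are matched by name wherever they sit under the root.

```python
import os
import stat

# Target modes exactly as given in step 6 of the article (octal).
FILE_MODE = 0o404
DIR_MODE = 0o705
FILES = [".htaccess", "wp-blog-header.php", "wp-config.php", "index.php"]
DIRS = ["wp-admin", "wp-content"]
# Files step 6 says to delete; matched by name, case-insensitively,
# anywhere under the site root (an assumption of this example).
LEFTOVERS = {"readme.html", "install.php", "install-helper.php"}


def audit(root):
    """Return a sorted list of (relative_path, problem) findings."""
    findings = []
    targets = [(f, FILE_MODE) for f in FILES] + [(d, DIR_MODE) for d in DIRS]
    for name, want in targets:
        try:
            st = os.lstat(os.path.join(root, name))
        except FileNotFoundError:
            findings.append((name, "missing"))
            continue
        if stat.S_ISLNK(st.st_mode):
            # Do not follow links: the mode of the target is what matters.
            findings.append((name, "symlink, not checked"))
            continue
        mode = stat.S_IMODE(st.st_mode)
        if mode != want:
            findings.append((name, f"mode {mode:03o}, expected {want:03o}"))
        if mode & stat.S_IWOTH:
            findings.append((name, "world-writable"))
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() in LEFTOVERS:
                rel = os.path.relpath(os.path.join(dirpath, fn), root)
                findings.append((rel, "should be deleted"))
    return sorted(findings)


if __name__ == "__main__":
    import sys
    # Usage: python audit.py /path/to/site/root
    for path, problem in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}: {problem}")
```

The script changes nothing on disk, so it can be run before and after each permission change to confirm the result.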

Now that you have done the above steps, you are ahead of thousands of WordPress users who do nothing to secure their sites. However, remember that your sites are still not 100% secure. You have only reduced the chances of your sites getting hacked.

Was this Hub helpful to you? Feel free to share your opinions by way of comments. Liked this Hub? Please feel free to share this hub link on social networking sites.

Bad Login Attempts on one of my WordPress Blogs

How to Secure your Wordpress Site for Free?

WordPress Security Threats and Tips by Dre Armeda of Sucuri

How to fix a Hacked Wordpress Site?

Beware! Your Computer may be at risk.


© 2013 Anamika S

Comments 12 comments

SpaceShanty 3 years ago from United Kingdom

Interesting page, I never considered someone would want to hack a Wordpress page.


DDE 3 years ago from Dubrovnik, Croatia

How to secure your WordPress Blog from Brute Force attacks? Well advised and pointed out, this hub is informative and most helpful to this approach.


Don Bobbitt 3 years ago from Ruskin Florida

Great Article. Voted UP and Interesting. I presently have three sites.domains with WordPress and I really like their product. Your article is being Pinned to my Pinterest site for future reference as I implement some of your suggestions.

Thanks,

DON


rebeccamealey 3 years ago from Northeastern Georgia, USA

This was SO helpful! I see a few things I need to do to my Word press site. Thanks so much voted useful and shared!


NateB11 3 years ago from California, United States of America

Very useful and valuable information you've presented here. I immediately became concerned about the safety of my sites because of the advice of conscientious writers like yourself and started thinking of measures to keep it safe, including paying for a back-up service; I will definitely include your very important suggestions here to my repertoire.


Victoria Lynn 3 years ago from Arkansas, USA

I've never really thought about hackers. I'm setting up a site now; I think I did sign up for some security stuff. Very informative and helpful hub!


midget38 3 years ago from Singapore

Thanks for the tips, and this is so important, Anamika. I had a hacker go into one of my sites and my IP add ended up being blocked for no reason. Thanks for sharing...will bear these in mind.


kashmir56 3 years ago from Massachusetts

Very useful and valuable information that all users of wordpress can use to secure their wordpress blog.

Vote up and more !!!


Anamika S 3 years ago from Mumbai - Maharashtra, India Author

@Patkay That's not true! I am no expert on WordPress. As the saying goes, necessity is the mother of invention and I had to learn. You may activate the Akismet plugin for your comments problem. If you wish, you can close comments altogether by opting for 'no comments'.


Patkay 3 years ago from Nairobi, Kenya

Thanks for sharing this. Better you, you know much about wordpress. For me I am struggling even with simple things. Do you have an idea why I get a lot of spam comments and what I should do about them?


Anamika S 3 years ago from Mumbai - Maharashtra, India Author

Thanks for the appreciation SilverGenes. I am happy that you found the information helpful.


SilverGenes 3 years ago

Excellent article! I have done almost all these things except for the file permissions so I'll have to double check with the CDN I'm using. I have my sites on CloudFlare now with high security checked, aggressive caching, and automatic rocket loader. Even with all this, I had a scare yesterday when all my internal links suddenly showed 404 errors. Turns out it was my own fault - after updating SuperCache and Bulletproof, I had forgotten about the permalinks - easily resolved. You've done a fantastic job of outlining things step by step! Thank you so much for making it easy for us to protect ourselves without having to spend a week researching all the bits and pieces. Wonderful!
