With popularity come problems in the tech world. A disturbing and destructive hacking trend has gripped WordPress sites of late, in the form of Brute Force Attacks. According to WordPress officials, “Unlike hacks that focus on vulnerabilities in software, a Brute Force Attack aims at being the simplest kind of method to gain access to a site: it tries usernames and passwords, over and over again, until it gets in.”
In essence, the hacks prey on the user’s inability to create effective security parameters and regularly maintain the website. These Brute Force Attacks are not limited to WordPress websites, but WordPress is popular and thus has become a frequent target.
Protect Your Site!
WordPress has offered some tips to help users protect themselves from the attacks, including the following:
- Never use ‘admin’ as a username. According to WordPress, “The majority of attacks assume people are using the username ‘admin’ due to the fact that early versions of WordPress defaulted to this.” If you still use ‘admin’ as a username, it is highly recommended that you create a new username, transfer all posts to that account, and change ‘admin’ to a subscriber (or delete it entirely).
- Use more secure passwords. A surprising number of people still use simple or easy-to-guess passwords, like ‘1234’ or ‘password’, and these just don’t hold up when trying to avoid hacks. WordPress recommends avoiding the following when choosing a password:
  - Any permutation of your own real name, username, company name, or name of your website.
  - A word from a dictionary, in any language.
  - A short password.
  - Any numeric-only or alphabetic-only password (a mixture of both is best).

  We’ve discussed the importance of creating strong passwords in the past on this blog and the same advice still rings true.
- Install a plugin that limits the number of incorrect login attempts. By default, there is no limit to the number of times someone can attempt to log in to your WordPress site, which means hackers can run a program that tries millions of password combinations until they find yours. With a plugin that limits the number of login attempts, however, anyone who fails to correctly enter the username and password after a certain number of tries will be locked out.
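The lockout behaviour that a login-limiting plugin applies, sketched in Python as an added example (it is not code from WordPress or from any particular plugin). The class name, the thresholds (3 failures within 300 seconds, 900-second lockout) and the sample events are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque

class LoginAttemptLimiter:
    """Lock a client out after too many failed logins inside a time window."""
    def __init__(self, max_failures=3, window=300, lockout=900, clock=time.monotonic):
        self.max_failures, self.window, self.lockout = max_failures, window, lockout
        self.clock = clock                     # injectable so events can be replayed
        self._failures = defaultdict(deque)    # client -> times of recent failures
        self._locked_until = {}                # client -> time the lockout ends

    def attempt(self, client, credentials_ok):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        now = self.clock()
        if now < self._locked_until.get(client, 0):
            return "locked"                    # refused before the password is considered
        if credentials_ok:
            self._failures.pop(client, None)   # a successful login clears the count
            return "ok"
        recent = self._failures[client]
        recent.append(now)
        while now - recent[0] > self.window:   # forget failures older than the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self._locked_until[client] = now + self.lockout
            recent.clear()
        return "failed"

# Constructed sample: (time in seconds, client address, was the password correct?)
SAMPLE_EVENTS = [
    (0, "203.0.113.7", False),
    (1, "203.0.113.7", False),
    (2, "198.51.100.4", False),   # a different visitor mistypes once
    (3, "203.0.113.7", False),    # third failure in the window: lockout starts
    (4, "203.0.113.7", True),     # still refused while the lockout is active
    (5, "198.51.100.4", True),    # the other visitor is unaffected
    (904, "203.0.113.7", True),   # lockout (900 s from t=3) has expired
]

def replay(events, **limits):
    """Run events through a limiter, using their timestamps as the clock."""
    now = [0]
    limiter = LoginAttemptLimiter(clock=lambda: now[0], **limits)
    results = []
    for t, client, ok in events:
        now[0] = t
        results.append(limiter.attempt(client, ok))
    return results
```

Keying the counter on the client address keeps one visitor's failures from locking out everyone else; the lockout applies even to a correct password, which is what stops a guessing program from continuing.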
Taking these security precautions is the first step to reducing the risk of a Brute Force Attack on your site, but it’s only the beginning. Matthew Mullenweg, the founding developer of WordPress, urges WordPress users to verify that the site is running the latest version of WordPress. “Do this and you’ll be ahead of 99% of sites out there and probably never have a problem,” Mullenweg wrote.
Regular website maintenance can spot and patch vulnerabilities within your website, and regular backups ensure that your information is fully backed up in case of an emergency. The corecubed team can change your username, create a strong password, install necessary plugins, and perform regular maintenance and site backups to increase your protection.
While nothing can protect you 100% from Brute Force Attacks or other hacks, corecubed’s regular WordPress maintenance can greatly reduce your risk. Contact us today to set up regular maintenance!