Are Hackers Testing Your Defences?
Are hackers testing the defences of your website right now?
Do you even know how to test for hack attempts?
I know they are testing ibraininc.com right now, and in this posts I will show you the tools I use to test for brute force hack attempts and how to stop the hacker getting in.
Security At WPDude Is Constantly Tested
There are people out there trying to login to wpdude using a technique called brute force hacking. They send a login request over and over with a dictionary of commonly used passwords.
They use the common admin user name along with the password dictionary via scripts to crack your site.
This happens at wpdude at least once per day, don’t believe me, here are some screen grabs of the hack in action.
You would think this person from the Ukraine had more pressing things to worry about than trying and hack a WordPress blog, but as you can see they are a little more sneaky and are trying to use different combinations of user names.
My Not So Secret Weapon
Using this plugin I can see the attempts and block the offending IP address. From WordFence go to live traffic -> logins logouts.
So what can you do to protect against brute force hack attacks?
- Rename your admin to something more secure, see this post for details
- Use strong passwords.
- Limit failed login attempts, I use WordFence for this, so if someone tries to login X times the user is locked out for an hour. but you could also opt for login lockdown
- Password protect wp-admin. Personally I don’t do this, but you can get details here if you are ultra cautious.
- Add some sort of captcha to the login form so scripts cannot be run. Captcha on login plugin will do this for you.
- Monitor for and block people trying to get in, WordFence has a big old button to do just that.
Install WordFence Now
You will be surprised how many times people try to get into your site, go and install WordFence now to see what is happening on your site.
30 Day Trail Of Maintenance
One of the things we do for our maintenance clients is a security hardening process, where we lock down WordPress and make it much more difficult to get in.
I’m offering a 30 day free trial of our maintenance service, why not sign up and get your site secured at no cost. No credit card is required, it could save your site from a hack attack.