WordPress installations worldwide are currently under a brute force attack. These attacks are targeting the most common username and password combinations.
Is your WordPress Secure?
If you still have your username set as admin, your WordPress sites are very much at risk.
As a precaution, all WordPress users should change their passwords to a secure password that includes upper and lower-case letters, numbers and other characters.
What do you need to do now?
First, change your password. Do it now while you’re reading; I’ll still be here when you get back.
Then change your admin login to something not admin!
- Back up your database. Here’s a list of free backup plugins you can use. However, restoring from a free backup isn’t always straightforward. I recommend Backup Creator as a very easy and cost-effective alternative.
- Log in, create a new user and give it administrator rights.
- Log out, then log back in with the new username.
- Delete the old admin, selecting the option to transfer all posts to the new user.
- Update your new user profile with a new nickname, the correct email address and any other info you want in there.
What else can you do to secure your WordPress site?
One of the many comments circulating at the moment is to use a plugin called Login Lockdown. While this is a good plugin to have on your site, it is not likely to help in this circumstance.
The attacks on WordPress are coming from an estimated 100,000 unique IP addresses. Login Lockdown blocks attempts from the same IP range – and with 100,000 to choose from… well the numbers just don’t add up.
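To see why a per-address lockout struggles against this kind of attack, here is an added example (not code from this post or from Login Lockdown) that counts wp-login.php POSTs in constructed access-log lines and compares a per-IP limit with a site-wide count. The thresholds, window size, addresses and function names are assumptions chosen for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Leading fields of a combined-format access log line: IP, timestamp, method, path.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

def login_posts(lines):
    """Yield (ip, timestamp) for every POST to wp-login.php."""
    for line in lines:
        m = LINE.match(line)
        if m and m.group(3) == "POST" and m.group(4).startswith("/wp-login.php"):
            yield m.group(1), datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")

def analyse(lines, per_ip_limit=3, site_limit=30, window_minutes=5):
    """Return (addresses over the per-IP limit, busy windows).

    The limits and window are assumed values, not any plugin's settings.
    Each busy window maps to (attempts, distinct IPs, attempts from IPs
    that stayed at or under the per-IP limit).
    """
    windows = defaultdict(Counter)  # window start -> attempts per IP
    for ip, ts in login_posts(lines):
        start = ts.replace(minute=ts.minute - ts.minute % window_minutes, second=0)
        windows[start][ip] += 1
    over_limit, busy = set(), {}
    for start, counts in windows.items():
        over_limit |= {ip for ip, n in counts.items() if n > per_ip_limit}
        total = sum(counts.values())
        if total > site_limit:
            quiet = sum(n for n in counts.values() if n <= per_ip_limit)
            busy[start] = (total, len(counts), quiet)
    return over_limit, busy

def sample_log():
    """Constructed log: 40 addresses x 2 attempts, one noisy address, one GET."""
    fmt = '{ip} - - [01/Jan/2024:09:0{m}:{s:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 3100'
    lines = [fmt.format(ip=f"203.0.113.{i}", m=i % 5, s=i)
             for i in range(1, 41) for _ in range(2)]
    lines += [fmt.format(ip="198.51.100.7", m=1, s=s) for s in range(6)]
    lines.append('192.0.2.10 - - [01/Jan/2024:09:02:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2900')
    return lines

if __name__ == "__main__":
    over_limit, busy = analyse(sample_log())
    print("addresses over the per-IP limit:", sorted(over_limit))
    for start, (total, ips, quiet) in busy.items():
        print(f"{start:%H:%M} window: {total} login POSTs from {ips} addresses, "
              f"{quiet} of them from addresses under the per-IP limit")
```

Only the single noisy address crosses the per-IP limit, while most of the attempts arrive from addresses that each stay below it; the site-wide count for the window is what makes the attack visible.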
Amongst other things, Cloudflare helps to increase your site security against common attacks. There are free and paid options.
What can you do if your WordPress site has already been compromised?
- Log into your WordPress dashboard and check your current users. If you have unknown users with admin rights, delete them.
- Change the passwords for, at the very least, all admin users.
- Update the security keys in your wp-config file.
- It is also advised that you restore a known clean version of WordPress.
Over to you…
Have you changed your password for your WordPress site?
Image courtesy of chanpipat / FreeDigitalPhotos.net
Is Your WordPress Secure From Attack? by Jan Kearney