Wow, we’ve reached day 5 of Bonnie Gean’s Video Blogging Challenge and so far I’ve kept up!
In this video blog, I want to take the opportunity to nag you about WordPress usernames and passwords. There are a LOT of attacks going on at the moment – including an attempt to force the login and password on a client site yesterday. That’s what prompted this video!
Before you make any changes to your site, make sure you do a full backup! For standard WordPress sites I recommend The Backup Creator.
The blog post I refer to in the video is “Is Your WordPress Secure From Attack?” and there is a link directly in the video too. For those who prefer to read rather than watch, the transcript is below the video.
Video Blogging Challenge Day 5
WordPress usernames and passwords
Video Transcript
Good morning! It’s Jan Kearney at My Local Business Online and today is day 5 of Bonnie Gean’s Video Blogging Challenge. I want to give myself a quick pat on the back for actually doing 5 videos, 5 blog posts and keeping up so far with the challenge this week, which is a minor miracle!
It’s a really quick video today. Today I am officially 44. I’m going to go and get on with some work and celebrate with coffee in a second. But before I do that, I wanted to have a quick word about WordPress and online attacks. Most of us use WordPress for our blogging. It’s a fabulous platform, absolutely amazing. The slight downside is because it is so popular, it is often target for attacks.
Now the reason I’m bringing this up now is I logged into my email last night and there was a stream, just duh, duh, duh, duh, of emails where a client’s site had been hit and stopped from logging in. These types of attacks are quite common, there’s a lot of it going on at the moment. Even the big guys are getting hit – Hostgator, the owners of Hostgator, EIG with Bluehost have been walloped by attacks and taken down. Aweber the email software have been getting hammered all week. It’s not new and it is going to get worse.
So what can you do as a small business owner? Because, don’t kid yourself, you are a target. People don’t want to take your site down, they’re not there to damage your business. They want access to your little bit of the web so they can sit in the background then use it to their own advantage. This day and age, often to attack other sites as part of a bot-net. In my clients case, they didn’t get in. they had a secure login and password. The emails were just a report to say someone had been locked out.
What can you do right now? I want you to do it right now, first of all check your login is NOT admin. If you are logging in with admin, you’ve left yourself wide open. You’ve given these bots, because it is all automated, the first key to your website. So go and change it. Over on my blog, a while back, I did a how to change your admin post. I’ll dig that out and put the link on the bottom of the vid. There are plugins that you can use as well, but I personally prefer to do it my way with no plugin.
Secondly, please ensure you gave got a decent password. It’s not your pets name, your date of birth. It’s not password123, letmein or anything else that is remotely similar! Use a combination of upper and lower case and punctuation, dashes, commas and everything else. Go and change your password, make sure your login isn’t admin already far more secure than many, many other blogs out there.
I’ll leave it on that note. Have a wonderful weekend, I’ll speak to you soon!
Over to you…
Have you seen an increase in attempts to get into yor WordPress website recently?
Video Blogging Challenge Day 5 by Jan Kearney
Una Doyle says
Hi Jan, I took the two steps you mentioned some time ago however there is a question I’ve got. I keep getting notifications of new users on my site and I’m not 100% clear if that’s people registering with RSS or something, or if they are attempted hacks?
How do I tell the difference please?
Jan Kearney says
Hi Una, anyone can register a subscriber account on a WordPress site unless you turn off the function. It’s an old SEO linkbuilding thing – register an account and add your link in the profile.
If you don’t have a membership site, you can safely turn it off. Go to settings > general and untick the Membership (anyone can register). Don’t forget to delete anyone that shouldn’t be there too.
Misty Spears says
Great tips Jan. Another one I really like is the limit logins plugins, which keeps people from trying to login over and over again. I put it on all of my word press sites.
Happy Birthday!
Jan Kearney says
Thanks Misty!
The site I mentioned has WordFence installed, which includes a login lockout and email alerts. In this case, whoever it was kept switching IPs and hitting again – needless to say, they didn’t get in!
A lockout plugin is essential I think these days
Bonnie Gean says
I am really amazed (and glad) you created 5 videos and kept up with the daily challenge to produce a video. I wasn’t expecting it (since you told me you weren’t intending to do it) — but I am GLAD you moved forward and kept up the pace.
This is something to be PROUD of! Kudos to you, girlfriend.
Happy Birthday! We celebrate our birthdays during the same month. 🙂
Jan Kearney says
Still stunned I did the vids too Bonnie! You know my feelings on it. While it still terrifies me, I have got warm fuzzies I stared that fear down lol
Thanks for the birthday wishes too 🙂
Sky Nealon says
Hi Jan
Thank you for the wonderful share about keeping our WordPress secure, I will certainly make sure I change my passwords routinely and keep my blog updated. I decided to disable the option to allow visitors to register an account because recently I had some random people registering with weird names consisting of numbers and letters, and so I deleted them off immediately. Harsh, but necessary.
Keep up the great work with videos, you’re doing really well to keep up with the challenge.
Sky