My Local Business Online

Jan Kearney - Your Local Business Online Marketing Consultant - call me 07847 554418

Jan Kearney – My Local Business Online

Helping you get your business found online by LOCAL people
Call Me - 07847 554418

You are here: Home / Blogging / Is Your WordPress Secure From Attack?

Is Your WordPress Secure From Attack?

by

WordPress installations worldwide are currently under a brute force attack.  These attacks are targeting the most common username and password combinations.

Is your WordPress Secure?

is your WordPress secure from attack?If you still have your username set as admin, your WordPress sites are very much at risk.

As a precaution, all WordPress users should change their passwords to a secure password that includes upper and lower-case letters, numbers and other characters.

What do you need to do now?

First, change your password.  Do it now while you’re reading, I’ll still be here when you get back.

Then change your admin login to something not admin!

  1. Back up your database.  Here’s a list of free backup plugins you can use.  However, restoring from a free backup isn’t always straight forward.  I recommend Backup Creator as a very easy and cost effective alternative.
  2. Log in, create a new user and give it administrator rights
  3. Log out then log back in with the new username
  4. Delete the old admin selecting the option to transfer all posts to the new user
  5. Update your new user profile with a new nickname, the correct email address and any other info you want in there.

What else can you do to secure your WordPress site?

One of the many comments circulating at the moment is to use a plugin called Login Lockdown.  While this is a good plugin to have on your site, it is not likely to help in this circumstance. 

Why?

The attacks on WordPress are coming from an estimate 100,000 unique IP addresses.  Login Lockdown blocks attempts from the same IP range – and with 100,000 to choose from… well the numbers just don’t add up.

One of the recommendations I give in my guide How To Manually Install WordPress and Build a Secure WordPress Blog (on Kindle at Amazon.co.uk and Amazon.com) is to use Cloudflare.

Amongst other things, Cloudflare helps to increase your site security against common attacks.  There are free and paid options. 

Over on their blog, Cloudflare reported that they have rolled out protection against this spate of attacks and are including it for free accounts too.  It’s well worth popping over and signing up.

What can you do if your WordPress site has already been compromised?

  1. Log into your WordPress dashboard and check your current users.  If you have unknown users with admin rights, delete them.
  2. Change all your passwords for at least all admin users.
  3. Update the security keys in your wp-config file
  4. It is also advised that you restore a known clean version of WordPress

Over to you…

Have you changed your password for your WordPress site? 

Image courtesy of chanpipat / FreeDigitalPhotos.net

Is Your WordPress Secure From Attack? by

Related Posts

About Jan Kearney

I believe that every business, no matter how small or how local can use the power of the web to gain more customers. I offer no bull coaching and mentoring so small business owners can strategically put the web to work for their business. I've been called a "compass" and a "navigator" and probably a few more names that aren't suitable for a profile!
Connect with me on Google+, Facebook, Pinterest

Comments

  2. Joy Healey says

    I lost several sites a couple of years ago – dreadful experience.

    That was when I discovered that my hosting company didn’t make backups on a regular basis ……

    I eventually got most of my content and sites back, but changed my username and password very quickly after that.

    • Jan Kearney says

      I learnt the hard way as well Joy – a painful experience and one I hope I never repeat! Glad you got most of your stuff back in the end. Thanks for popping in 🙂

  3. Carlaa says

    This post is VERY timely. Only yesterday my hosting company sent out an email regarding some recent Brute Force attacks. I have used all the plugins suggested so I know they are great but I’ve neglected to set up a secondary email address associated with my blog, just in case. A plugin that is great for renaming your username is called Admin Renamer Extended. Might be useful if you don’t want to set up a secondary account and just want to change your username and password.

    • Jan Kearney says

      Hi Carlaa – yes WordPress and other PHP based sites like Joomla are being hammered at the moment. Thanks for the admin plugin suggestion – it’s a great plugin!

  4. Katie S says

    Thanks for the tips, Jan. Is finding users you didn’t add yourself the only way to know if your blog has been compromised?

  5. Deb Dutilh says

    Hi Jan,
    This is very useful info. There is so much to know and to be honest, with all the fantastic tips here in the UBC alone, my head is spinning. No wonder they have people who take care of all of this. Thanks for sharing!

Jan Kearney
and My Local Business Online
Helps small business owners get to grips with the web and get found online.
2 Stanley Villas, Greenway Road, Runcorn, Cheshire
Phone: 07847 554418

You need to know

This website uses cookies. By continuing using the site, you are agreeing to the use of cookies. Info on the cookies used can be found in my privacy policy.

Jan Kearney is a participant in the Amazon EU Associates Programme, an affiliate advertising programme designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.co.uk.