My Local Business Online

Jan Kearney - Your Local Business Online Marketing Consultant - call me 07847 554418

Jan Kearney – My Local Business Online

Helping you get your business found online by LOCAL people

  • Home
  • Problems I Solve
    • I need a website that works
    • I need more online visibility for my local business
    • I want to start video marketing
    • My WordPress site baffles me
  • Why I Do It
    • Privacy
  • Toolbox
  • Contact Me
You are here: Home / Blogging / Is Your WordPress Secure From Attack?

Is Your WordPress Secure From Attack?

April 13, 2013 by Jan Kearney

WordPress installations worldwide are currently under a brute force attack.  These attacks are targeting the most common username and password combinations.

Contents

  • Is your WordPress Secure?
  • What do you need to do now?
  • What else can you do to secure your WordPress site?
  • What can you do if your WordPress site has already been compromised?
  • Related Posts

Is your WordPress Secure?

is your WordPress secure from attack?If you still have your username set as admin, your WordPress sites are very much at risk.

As a precaution, all WordPress users should change their passwords to a secure password that includes upper and lower-case letters, numbers and other characters.

What do you need to do now?

First, change your password.  Do it now while you’re reading, I’ll still be here when you get back.

Then change your admin login to something not admin!

  1. Back up your database.  Here’s a list of free backup plugins you can use.  However, restoring from a free backup isn’t always straight forward.  I recommend Backup Creator as a very easy and cost effective alternative.
  2. Log in, create a new user and give it administrator rights
  3. Log out then log back in with the new username
  4. Delete the old admin selecting the option to transfer all posts to the new user
  5. Update your new user profile with a new nickname, the correct email address and any other info you want in there.

What else can you do to secure your WordPress site?

One of the many comments circulating at the moment is to use a plugin called Login Lockdown.  While this is a good plugin to have on your site, it is not likely to help in this circumstance. 

Why?

The attacks on WordPress are coming from an estimate 100,000 unique IP addresses.  Login Lockdown blocks attempts from the same IP range – and with 100,000 to choose from… well the numbers just don’t add up.

One of the recommendations I give in my guide How To Manually Install WordPress and Build a Secure WordPress Blog (on Kindle at Amazon.co.uk and Amazon.com) is to use Cloudflare.

Amongst other things, Cloudflare helps to increase your site security against common attacks.  There are free and paid options. 

Over on their blog, Cloudflare reported that they have rolled out protection against this spate of attacks and are including it for free accounts too.  It’s well worth popping over and signing up.

What can you do if your WordPress site has already been compromised?

  1. Log into your WordPress dashboard and check your current users.  If you have unknown users with admin rights, delete them.
  2. Change all your passwords for at least all admin users.
  3. Update the security keys in your wp-config file
  4. It is also advised that you restore a known clean version of WordPress

Over to you…

Have you changed your password for your WordPress site? 

Image courtesy of chanpipat / FreeDigitalPhotos.net

Is Your WordPress Secure From Attack? by Jan Kearney

Related Posts

  • how to install wordpress manually cover
    How to Install WordPress and Build a Secure WordPress Blog – Now on Kindle

    I finally did it!  I got over myself and published my first guide on Kindle,…

  • Get to the top of Google? Searching for Answer on Internet
    What Is The Best Way To Get To The Top Of Google?

    It's easy to get to the top of Google search rankings... Honest, it is. Anyone…

  • A Simple Way To Increase Your WordPress Security [Video]

    Talking about Wordpress security isn't particularly sexy or interesting.  It is an important topic though. …

Filed Under: Blogging Tagged With: blogging, install WordPress, WordPress, WordPress security

About Jan Kearney

I believe that every business, no matter how small or how local can use the power of the web to gain more customers. I offer no bull coaching and mentoring so small business owners can strategically put the web to work for their business. I've been called a "compass" and a "navigator" and probably a few more names that aren't suitable for a profile!
Connect with me on Google+, Facebook, Pinterest

Comments

  1. Denys Kelley says

    April 13, 2013 at 9:44 pm

    Yes I did! After we had to wait a bit to get back into it! whew!
    Great post Jan! Lots of great information.

    • Jan Kearney says

      April 13, 2013 at 11:55 pm

      You’re on the ball, Denys!

  2. Joy Healey says

    April 14, 2013 at 12:27 am

    I lost several sites a couple of years ago – dreadful experience.

    That was when I discovered that my hosting company didn’t make backups on a regular basis ……

    I eventually got most of my content and sites back, but changed my username and password very quickly after that.

    • Jan Kearney says

      April 14, 2013 at 6:42 am

      I learnt the hard way as well Joy – a painful experience and one I hope I never repeat! Glad you got most of your stuff back in the end. Thanks for popping in 🙂

  3. Carlaa says

    April 14, 2013 at 12:57 am

    This post is VERY timely. Only yesterday my hosting company sent out an email regarding some recent Brute Force attacks. I have used all the plugins suggested so I know they are great but I’ve neglected to set up a secondary email address associated with my blog, just in case. A plugin that is great for renaming your username is called Admin Renamer Extended. Might be useful if you don’t want to set up a secondary account and just want to change your username and password.

    • Jan Kearney says

      April 14, 2013 at 6:44 am

      Hi Carlaa – yes WordPress and other PHP based sites like Joomla are being hammered at the moment. Thanks for the admin plugin suggestion – it’s a great plugin!

  4. Katie S says

    April 14, 2013 at 6:43 pm

    Thanks for the tips, Jan. Is finding users you didn’t add yourself the only way to know if your blog has been compromised?

    • Jan Kearney says

      April 14, 2013 at 11:29 pm

      From what I have read around the web, with this attack additional users may be added to your dashboard.
      In general, sites are often compromised to add spammy links or malware – you can pick those up using the free site scan over at http://sitecheck.sucuri.net/scanner/

      • Deb Dutilh says

        April 16, 2013 at 12:07 am

        Thanks, Jan! I got a clean bill of scan from the sitecheck link, too.

        • Jan Kearney says

          April 16, 2013 at 9:49 am

          That’s always good news, Deb! 🙂

  5. Deb Dutilh says

    April 14, 2013 at 6:58 pm

    Hi Jan,
    This is very useful info. There is so much to know and to be honest, with all the fantastic tips here in the UBC alone, my head is spinning. No wonder they have people who take care of all of this. Thanks for sharing!

    • Jan Kearney says

      April 14, 2013 at 11:21 pm

      Remember to breathe, Deb – it’s not as overwhelming then 🙂 Thanks for popping in and good luck with the UBC!

  6. Eleanor says

    April 17, 2013 at 6:34 pm

    These are all solid and great tips. I prefer WPTwin by Jason Fladlien and Wilson Mattos for backing my sites up.

    • Jan Kearney says

      April 17, 2013 at 11:24 pm

      I think that’s because of your crazy crush? Heard good things about WPTwin, not tried it myself…

  7. Arla DeField - SayingNoWithoutFeelingGuilty.com says

    April 18, 2013 at 10:25 pm

    oh my gosh! Went and checked like you suggested. Talked to my webmaster and so far, whew, we are good. Crazy all this hacking!

Meet Jan Kearney

I believe that every business, no matter how small or how local can use the power of the web to gain more customers. I offer no bull coaching and mentoring so small business owners can strategically put the web to work for their business. I've been called a "compass" and a "navigator" and probably a few more names that aren't suitable for a profile!
Connect with me on Google+, Facebook, Pinterest or Discover More About My Local Business Online…

Also On The Blog…

7 Useful image optimisation tips for search and social media

7 Useful Image Optimisation Tips For Search And Social Media

A web page without an image is almost naked, missing something, a finishing touch. Basic image optimisation can transform your web pages, product … [Read More...]

50 Fabulously free stock photo sites to bling up your blog

50 Fabulously Free Stock Photo Sites To Bling Your Blog

Not all of us have photographic talent. Creating your own photo images for your website, social updates, blog or presentations is HARD.  When the … [Read More...]

Is your business website Google-worthy in 2016?

Is Your Business Website Google-Worthy In 2016?

Creating your own local business website is never an easy task, especially when the guidelines change regularly. As always online, the only thing you … [Read More...]

Jan Kearney
and My Local Business Online
Helps small business owners get to grips with the web and get found online.
2 Stanley Villas, Greenway Road, Runcorn, Cheshire
Phone: 07847 554418

You need to know

This website uses cookies. By continuing using the site, you are agreeing to the use of cookies. Info on the cookies used can be found in my privacy policy.

Jan Kearney is a participant in the Amazon EU Associates Programme, an affiliate advertising programme designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.co.uk.

More Info

  • Contact Me
  • About
  • Privacy

Copyright © 2021 · Epik on Genesis Framework · WordPress · Log in