Protect your WordPress website
We see a lot of attempted attacks against WordPress websites because of the platform’s popularity, and we have also been called in when attacks have been successful. There are a number of measures that you can take to help protect yourself.
- Don’t use obvious usernames or passwords – they need to be difficult to guess. For example, if your website is called Redleg IT, then don’t make the username redleg!
- Make sure you have the Wordfence plugin running. It will block repeated failed logins – we see plenty of those from all over the world, particularly from Ukraine at the moment. Wordfence has a lot of essential security features and it’s free (you only pay if you want the Premium features).
- Even though you’ve got obscure usernames, there is still something called an enumeration attack, which is an attempt to break your password by guessing a login ID of 1 or another obvious low number. The solution is a bit technical, but you can log in to the MySQL database behind the scenes and run the commands described at www.wpwhitesecurity.com/wordpress-security/change-wordpress-administrator-id (don’t hesitate to call if you want a hand with this).
- Another important layer of security that you can add is CloudFlare. Again, the basic service is free. They will attempt to mitigate any DDoS attacks or unusual connections that are detected, whilst maintaining a normal service for legitimate website visitors. If you come under attack, this service works almost like magic!
- Update, update, update – WordPress regularly issue security updates. Make sure you load those updates and the plugin updates ASAP. We do this as a matter of course for all our clients.
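
The administrator ID change mentioned in the list above could look like the following on a default install. This is an added example, not code from this page or from the linked article; it assumes the default wp_ table prefix, an administrator account with ID 1, and 1024 as a constructed, unused replacement ID.

```sql
-- Added example. Assumptions: default table prefix wp_, the administrator
-- currently has ID 1, and 1024 is a constructed replacement ID.
-- Take a full database backup first and run the statements interactively,
-- so you can inspect the checks before committing.

SET @old_id := 1;
SET @new_id := 1024;

-- Pre-check: must return 0, otherwise choose a different @new_id.
SELECT COUNT(*) AS id_already_used FROM wp_users WHERE ID = @new_id;

START TRANSACTION;  -- only rolls back cleanly if the tables are InnoDB

-- The account row itself.
UPDATE wp_users    SET ID = @new_id          WHERE ID = @old_id;
-- Roles, capabilities and profile settings are keyed on user_id.
UPDATE wp_usermeta SET user_id = @new_id     WHERE user_id = @old_id;
-- Keep authorship of existing posts, pages and media.
UPDATE wp_posts    SET post_author = @new_id WHERE post_author = @old_id;
-- Comments written while logged in as the administrator.
UPDATE wp_comments SET user_id = @new_id     WHERE user_id = @old_id;
-- Legacy blogroll links, if that table holds any rows.
UPDATE wp_links    SET link_owner = @new_id  WHERE link_owner = @old_id;

-- Post-checks: the first query should return 0, the second should show
-- the administrator's login name against the new ID.
SELECT COUNT(*) AS leftover_meta FROM wp_usermeta WHERE user_id = @old_id;
SELECT ID, user_login FROM wp_users WHERE ID = @new_id;

COMMIT;  -- issue ROLLBACK instead if either check looks wrong

-- Ensure newly created users receive IDs above the new one.
-- ALTER TABLE does not accept a user variable, so the literal is @new_id + 1.
-- It also commits implicitly, which is why it comes after COMMIT.
ALTER TABLE wp_users AUTO_INCREMENT = 1025;
```

Plugins that keep user IDs in their own tables are not covered by these statements and need checking separately.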