You have all likely heard about the recent rise in brute force attacks against WordPress; if you have not, Sucuri has been chronicling it for you. Here at Pagely we have best-in-class enterprise security appliances protecting our network, additional second-level mechanisms in place to throttle and block brute force attacks against our clients' sites, as well as remediation procedures should something get through.
Regarding brute force attacks, here is the honest truth that most hosting companies may not tell you: you, the site owner, are the first and last line of defense.
A brute force attack is simply a program trying to log in to your site with common username and password combinations, over and over, until one works. The easiest way to defeat these attempts is to use a good pass-phrase.
Img Credit: xkcd.com
This simple change to your online habits will dramatically increase the security of your properties. We’ll keep protecting your WordPress sites from the various and nefarious denizens of the interwebs as best as we can, but if your password is “password”, you are defeating all the work we are doing for you.
An easy-to-remember 3- or 4-word pass-phrase is WAY harder to crack or guess than mYp@sw0®d.
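To put numbers on that comparison, here is an added example (not code from the original post) that estimates the attacker's search space for a random multi-word pass-phrase versus a dictionary word dressed up with leet-speak substitutions, and generates a pass-phrase with a cryptographically secure random source. The 16-word SAMPLE_WORDS list is a constructed toy; DICEWARE_LIST_SIZE (7776, the size of the EFF large wordlist) models a real list, and DICTIONARY_SIZE, LEET_MAP, SUFFIX_CHARS and the 1000 guesses-per-second online rate are assumptions about what a guessing tool tries, not measurements.

```python
"""Estimate attacker effort for a pass-phrase versus a leet-speak password,
and generate a random pass-phrase.

Added example, not code from the original post. SAMPLE_WORDS is a constructed
16-word sample; DICEWARE_LIST_SIZE models a full list such as the EFF large
wordlist. The leet-speak model and dictionary size are assumptions about the
rule sets a password-guessing tool applies, not measurements.
"""
import math
import secrets
import string

# Constructed sample; a real list must be far larger (see DICEWARE_LIST_SIZE).
SAMPLE_WORDS = [
    "correct", "horse", "battery", "staple",
    "copper", "lantern", "meadow", "tripod",
    "velvet", "orbit", "pencil", "harbor",
    "glacier", "mango", "saddle", "quartz",
]
DICEWARE_LIST_SIZE = 7776   # assumed size of a full pass-phrase word list
DICTIONARY_SIZE = 65536     # assumed size of the attacker's base word dictionary
# Assumed substitutions a cracking rule set tries for each letter.
LEET_MAP = {"a": "@4", "e": "3", "i": "1!", "o": "0", "s": "$5", "t": "7"}
SUFFIX_CHARS = string.digits + string.punctuation   # optional trailing "1" or "!"


def passphrase_search_space(n_words, list_size=DICEWARE_LIST_SIZE):
    """Guesses needed to exhaust every pass-phrase of n_words random words.

    Assumes the attacker knows the scheme and the word list; the only secret
    is which words were picked. That is the conservative way to count.
    """
    return list_size ** n_words


def leet_search_space(base_word, dictionary_size=DICTIONARY_SIZE):
    """Guesses needed to cover every leet-style variant of every dictionary word.

    Model: each letter is kept or swapped for one of its LEET_MAP substitutions;
    the first letter may be capitalised; one digit or punctuation character may
    be appended. Cracking tools apply exactly these kinds of rules to a word
    list, so a "mYp@sw0rd"-style password falls inside this space.
    """
    variants = 1
    for ch in base_word.lower():
        variants *= 1 + len(LEET_MAP.get(ch, ""))
    variants *= 2                       # first letter upper or lower case
    variants *= 1 + len(SUFFIX_CHARS)   # no suffix, or one of 42 characters
    return dictionary_size * variants


def bits(search_space):
    """Express a search space as bits of entropy (log2 of the guess count)."""
    return math.log2(search_space)


def seconds_to_exhaust(search_space, guesses_per_second):
    """Worst-case time for an attacker guessing at the given rate."""
    return search_space / guesses_per_second


def generate_passphrase(n_words, wordlist=SAMPLE_WORDS):
    """Pick n_words words with a CSPRNG (never random.choice) and join with spaces."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


if __name__ == "__main__":
    # Assumed rate for an online attack against a login page that is not throttled.
    ONLINE_RATE = 1000.0
    phrase_space = passphrase_search_space(4)
    leet_space = leet_search_space("password")
    print(f"4-word pass-phrase : {bits(phrase_space):5.1f} bits, "
          f"{seconds_to_exhaust(phrase_space, ONLINE_RATE) / 31_557_600:.0f} years "
          f"at {ONLINE_RATE:.0f} guesses/s")
    print(f"leet 'password'    : {bits(leet_space):5.1f} bits, "
          f"{seconds_to_exhaust(leet_space, ONLINE_RATE) / 86400:.1f} days "
          f"at {ONLINE_RATE:.0f} guesses/s")
    print("pass-phrase from the toy sample list:", generate_passphrase(4))
```

With these assumptions a 4-word pass-phrase from a 7776-word list is about 52 bits and would take over 100,000 years to exhaust at 1000 guesses per second, while every leet-speak variant of every word in a 65,536-word dictionary is only about 28 bits and falls in a few days at the same rate. The toy 16-word list gives just 16 bits per 4 words, which is why a real pass-phrase must come from a full list, and why the words must be chosen by a random source rather than by hand.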
Easy fixes to protect your WordPress site:
- Use a pass-phrase.
- Don’t use a common username (such as “admin”).
- Purchase and use an SSL certificate for your login pages, so your credentials are not sent in the clear.
- Use roles responsibly. Not every user needs “administrator” rights.
- Remove the default ‘admin’ account. (Create a new user with Administrator rights and a good pass-phrase, log in with it, and then remove the ‘admin’ user, reassigning its posts to the new account when WordPress asks.)
- Did we mention to use a pass-phrase?
I use SSL for my wp-admin and login, but I found that not all plugins work over SSL, so that’s one thing to be careful of.
A similar plugin for pass-phrases could be the One Time Password plugin.