It is now confirmed that hackers are targeting WordPress-based websites. A botnet was recently found that is being used for brute force attacks on WordPress and Joomla websites. This botnet contains more than 90,000 different IP addresses, so it is hard to protect a WordPress website only by blocking login attempts.
If you are a WordPress user, you need to worry about this. In this post, I am listing a few ways to protect your WordPress-based website from brute force attacks.
How to Protect WordPress From Brute Force Attacks
Stop Using username “admin”
This is the most common mistake WordPress users make. They use common usernames such as admin, administrator, root or the website name. Websites with these usernames are the most likely to be hacked. If your username is admin, change it now. Read the earlier post explaining how to change the username of a WordPress website.
Use Strong Password
This is another common mistake users make. Never use a weak, short and easy-to-guess password. A strong password contains uppercase and lowercase characters, numbers and special characters. Password length must also be more than 10 characters. In a brute force attack, attackers try all the common passwords, so never have an easy-to-guess password.
Limit Login attempts
You should also limit the number of login attempts. If a person enters the wrong password that many times, they will not be able to use the login form any more. This is an important step we can take to protect against brute force attacks, but the recent attacks are using more than 90,000 different IP addresses, so this protection may fail. Still, you can use it. You can use the Limit Login Attempts WordPress plugin.
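As an added illustration (not code from the original post or from any plugin), the Python sketch below replays constructed login events to show why a per-IP limit misses a distributed attack while a per-username counter catches it. The threshold, window, event format and addresses are all assumptions.

```python
from collections import defaultdict

MAX_FAILURES = 5       # assumed lockout threshold
WINDOW_SECONDS = 600   # assumed sliding window (10 minutes)


def failure_peaks(events, key_field):
    """Map each key (IP or username) to its peak failure count in any window."""
    stamps_by_key = defaultdict(list)
    for ev in events:
        if not ev["ok"]:
            stamps_by_key[ev[key_field]].append(ev["ts"])
    peaks = {}
    for key, stamps in stamps_by_key.items():
        stamps.sort()
        start = peak = 0
        for end, ts in enumerate(stamps):
            # Drop failures that fell out of the window ending at ts.
            while ts - stamps[start] >= WINDOW_SECONDS:
                start += 1
            peak = max(peak, end - start + 1)
        peaks[key] = peak
    return peaks


def locked_out(events, key_field):
    """Keys whose failures reach the threshold and would be locked out."""
    return {k for k, n in failure_peaks(events, key_field).items()
            if n >= MAX_FAILURES}


def build_sample_events():
    """Constructed data: 200 bot IPs, 2 guesses each at 'admin', plus a real user."""
    events = []
    for i in range(200):
        for j in range(2):
            events.append({"ts": 2 * i + j, "ip": f"203.0.113.{i + 1}",
                           "user": "admin", "ok": False})
    # A legitimate user mistypes once, then logs in.
    events.append({"ts": 50, "ip": "192.0.2.10", "user": "editor", "ok": False})
    events.append({"ts": 60, "ip": "192.0.2.10", "user": "editor", "ok": True})
    return events


if __name__ == "__main__":
    sample = build_sample_events()
    print("locked by IP:      ", locked_out(sample, "ip"))
    print("locked by username:", locked_out(sample, "user"))
    print("failures on admin: ", failure_peaks(sample, "user")["admin"])
```

Counting by username also delays the real account owner during an attack, which is one more reason to avoid a guessable username such as admin.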
Password Protect WP-Admin
This is also a nice way to keep hackers away from your website. For this, you can use either the .htpasswd file method or cPanel. If you want to use the .htpasswd method, try this generator. If you are planning to do it with cPanel, log in to cPanel and look in the Security section.
Use Some popular security plugins
There are some nice WordPress security plugins available that can help you make your WordPress site secure. These plugins are Wordfence Security, BulletProof Security and Better WP Security. They protect WordPress from different kinds of vulnerabilities and attacks.
Backup your Website
Finally, keep a backup of your website. Although we have added many things to protect WordPress, there is still a possibility that your website will be hacked. In case your website has been hacked, you can restore it from the backup. Read an older post explaining how to back up WordPress websites.
We cannot say why attackers are performing these attacks or where this will end. But it is never too late. You should try everything you can to prevent hackers from hacking your WordPress site. Try all the steps mentioned above to protect your WordPress website.