WordPress sites worldwide are currently experiencing a ‘brute-force attack’ from malicious hackers who clearly don’t have anything more useful to do with their time or skills.
WordPress is a brilliant platform; however, one of the very features that makes it so brilliant – its open-source nature – can also mean it is vulnerable to attack.
Follow these basic steps to protect your site:
- back up daily (I recommend ithemes.com/purchase/backupbuddy)
- use the security tools and support provided by experts (I recommend sucuri.net)
- change the default ‘admin’ username
- limit login attempts (use http://wordpress.org/extend/plugins/limit-login-attempts)
- create a secure password (use one of these http://mashable.com/2013/01/22/password-generators)
- keep your plugins and themes updated
- remove the WordPress version from your page (instructions here: http://www.labnol.org/internet/blogging/wordpress-tips-post-installation-hacks/3931/#version)
- rename your table prefix (this plugin will help you: http://wordpress.org/extend/plugins/db-prefix-change/)
- password-protect your wp-login.php file and update your .htaccess file (instructions here: http://support.hostgator.com/articles/specialized-help/technical/wordpress/wordpress-login-brute-force-attack)
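
To see whether your own site is being hit, and what a login-attempt limiter would react to, this added example (not from this post or any of the linked plugins) scans access-log lines for bursts of POSTs to wp-login.php from one address. The combined log format, the threshold, the window and the sample lines are assumptions constructed for illustration; it also assumes stock WordPress behaviour, where an accepted login is answered with a 302 redirect.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache/Nginx "combined" access-log line: client IP, timestamp, request, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def find_bruteforce(lines, threshold=5, window=timedelta(minutes=5)):
    """Map each IP that sent >= threshold POSTs to wp-login.php inside one sliding
    window to its peak count and whether any of its POSTs was answered 302."""
    recent = defaultdict(deque)    # ip -> timestamps still inside the window
    accepted = defaultdict(bool)   # ip -> saw a 302 (assumed: login accepted)
    flagged = {}                   # ip -> highest in-window count seen
    for line in lines:             # lines are assumed to be in time order
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        script = m["path"].split("?", 1)[0].rsplit("/", 1)[-1]
        if script != "wp-login.php":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop attempts older than the window
            q.popleft()
        accepted[m["ip"]] |= m["status"] == "302"
        if len(q) >= threshold:
            flagged[m["ip"]] = max(len(q), flagged.get(m["ip"], 0))
    return {ip: {"peak": n, "login_accepted": accepted[ip]} for ip, n in flagged.items()}

# Constructed sample data (documentation IP ranges, made-up timestamps).
def _line(ip, hhmmss, method, path, status):
    return f'{ip} - - [12/Apr/2013:{hhmmss} +0000] "{method} {path} HTTP/1.1" {status} 2048 "-" "-"'

SAMPLE_LOG = (
    [_line("203.0.113.7", f"10:00:{s:02d}", "POST", "/wp-login.php", 200) for s in range(0, 35, 5)]
    + [_line("203.0.113.7", "10:00:40", "POST", "/wp-login.php", 302),
       _line("198.51.100.20", "10:01:00", "GET", "/wp-login.php", 200),
       _line("198.51.100.20", "10:01:05", "POST", "/wp-login.php", 302)]
)

if __name__ == "__main__":
    print(find_bruteforce(SAMPLE_LOG))
```

A flagged address with `login_accepted` set is the case to act on first: change that account's password and review what it did after the redirect.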
If you have more tips feel free to add them below – and feel free to ask us if you need help: firstname.lastname@example.org