We are now offering an automated, fully managed security solution!
- Secure your site from attack
- Say goodbye to the mundane tasks of updating
- Live easy knowing that your WordPress website is in good hands
There are many ways to protect a WordPress-based blog or site from brute force login attacks. To prevent unauthorized access we recommend the following:
Harden your WordPress site with these tips
- Enforce strong passwords for all users.
- Make sure non-administrators cannot see available updates.
- Make sure the “admin” user has been removed.
- Make sure the user with id 1 has been removed.
- Make sure your table prefix is NOT “wp_”.
- Make sure you have scheduled regular backups of your WordPress database.
- Make sure your WordPress admin area is not available at times when you do not need it.
- Make sure you are blocking known bad hosts and agents with HackRepair.com’s blacklist.
- Make sure your login area is protected from brute force attacks. (duh)
- Make sure your WordPress admin area is hidden.
- Make sure your .htaccess file is fully secured.
- Make sure your installation is actively blocking attackers trying to scan your site for vulnerabilities.
- Make sure your installation is actively looking for changed files.
- Make sure your installation does not accept long URLs.
- For multi-user websites it’s sometimes not a good idea to allow other users to edit theme and plugin files from the WordPress backend.
- Make sure the wp-config.php and .htaccess files are not writable.
- A good practice is to hide version information from various plugins and themes.
- You should rename the wp-content directory of your site. (this can sometimes cause conflicts between plugins)
You can use the Better WP Security plugin to cover most (if not all) of the above.
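Three of the checklist items above (the table prefix, read-only wp-config.php and .htaccess, and backend file editing) can be verified from the filesystem alone. The shell function below is an added example, not part of the original post or of Better WP Security; `wp_audit` and `has_write_bit` are hypothetical names, and it assumes the standard wp-config.php layout and WordPress's `DISALLOW_FILE_EDIT` constant as the way to disable the backend editors.

```shell
# Added example (hypothetical helper names). Usage: wp_audit /path/to/wordpress
# Prints one PASS/FAIL line per check and returns the number of FAILs.

# True when any write bit (owner, group or other) is set on the file.
# Reads the mode bits via find because `test -w` is always true for root.
has_write_bit() {
    [ -n "$(find "$1" -prune \( -perm -200 -o -perm -020 -o -perm -002 \) -print)" ]
}

wp_audit() {
    root=$1
    cfg=$root/wp-config.php
    fails=0

    if [ ! -f "$cfg" ]; then
        echo "FAIL: $cfg not found"
        return 1
    fi

    # wp-config.php and .htaccess should carry no write bits (for example 0444).
    for f in "$cfg" "$root/.htaccess"; do
        [ -f "$f" ] || continue
        if has_write_bit "$f"; then
            echo "FAIL: $f is writable"; fails=$((fails + 1))
        else
            echo "PASS: $f is read-only"
        fi
    done

    # The prefix comes from the $table_prefix assignment in wp-config.php.
    prefix=$(sed -n 's/^[[:space:]]*\$table_prefix[[:space:]]*=[[:space:]]*.\([A-Za-z0-9_]*\).[[:space:]]*;.*/\1/p' "$cfg" | head -n 1)
    if [ "$prefix" = "wp_" ] || [ -z "$prefix" ]; then
        echo "FAIL: table prefix is '${prefix:-unknown}'"; fails=$((fails + 1))
    else
        echo "PASS: table prefix is '$prefix'"
    fi

    # DISALLOW_FILE_EDIT removes the theme and plugin editors from the backend.
    if grep -Eiq "^[[:space:]]*define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*true" "$cfg"; then
        echo "PASS: backend file editing is disabled"
    else
        echo "FAIL: DISALLOW_FILE_EDIT is not set to true"; fails=$((fails + 1))
    fi

    return "$fails"
}
```

The user-account items (the “admin” user and the user with id 1) live in the database and are outside what this file-level check covers.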
Use a strong password
Make it difficult for hackers to guess your password. Change your password to a very strong one. You should also change your password every 90 days and never reuse a password you have used in the past.
We recommend a very useful tool called 1Password.
See also Hardening WordPress to keep your WordPress site secure.
Please comment and let us know what you’ve tried and what works for you.