Protecting Your WordPress Site From Hackers
Last Update: June 22, 2012
As most of you WordPress site owners may know, hacking has been on the rise recently. My site has been attacked quite often, and in this blog I am going to show you exactly how I protect my site from these attacks.
First, I installed a plugin called "Login Lock". This plugin is excellent: it enforces strong password policies, monitors login attempts, and blocks IP addresses after too many failed login attempts. You can set how many attempts someone can make before their IP is temporarily blocked; I have it set to two attempts. Here is an overview of the other features this plugin has:
1. Enforces strong password selection policies.
2. Monitors login attempts.
3. Blocks IP addresses for too many failed login attempts.
4. Lets you manually unblock IP addresses at any time.
5. Lets you forcibly log out all users immediately and require that they all change their passwords before logging back in.
6. Lets you forcibly log out idle users after a configurable number of minutes.
Enforce Strong Password Policies
Define which types of characters must be used in passwords.
Define the minimum required password length.
Define how long a password is valid before it must be changed.
Prevent users from reusing the same passwords repeatedly.
Prevent users from choosing common passwords; the plugin includes a list of more than 3100 common passwords.
Emergency Lock Down
"If your site is ever hacked then you probably need to make sure the intruder is forced to logout and is no longer able to log back in to your site."
Login Lock provides an emergency “panic button” that, when used, immediately logs out all users, resets all user passwords to a random value, and sends each user an email message informing them that they must change their password before logging back in to your site.
Secondly, I use a tool called LastPass, which is completely free. This tool will create passwords, even encrypted passwords, and store them for you. It's basically a powerful online password manager and form filler. If you have dozens of sites and other locations online where you need to log in, this free tool is a massive time saver. And really, who can remember hundreds of encrypted passwords? I have used this tool for a few years now with no issues whatsoever.
So you add this Login Lock plugin to your WordPress site. You then create a very strong password that includes characters and symbols. I use about 15 characters total.
If someone attempts to log in to or hack your WordPress site, the plugin will notify you via email and lock the IP out of your site for 60 minutes. Once you receive this notification, go to your hosting service and ban that IP address. It's really that easy to protect yourself.
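The lockout behaviour described above (block after two failed attempts, 60-minute block, email notification) can be sketched as follows. This is an added example, not the Login Lock plugin's code; the class name, the 15-minute failure window and the sample events are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

MAX_FAILURES = 2                          # the post's setting: two attempts
LOCK_DURATION = timedelta(minutes=60)     # the post's 60-minute block
FAILURE_WINDOW = timedelta(minutes=15)    # assumption: how long a failure counts


class LoginLockout:
    """Per-IP failed-login tracker with a temporary block (hypothetical class)."""

    def __init__(self):
        self.failures = defaultdict(list)  # ip -> timestamps of recent failures
        self.locked_until = {}             # ip -> time the block expires
        self.notifications = []            # (ip, time) pairs to email to the admin

    def is_locked(self, ip, now):
        until = self.locked_until.get(ip)
        if until and now < until:
            return True
        self.locked_until.pop(ip, None)    # block expired, forget it
        return False

    def record(self, ip, success, now):
        """Process one attempt; return 'blocked', 'ok', 'failed' or 'locked'."""
        if self.is_locked(ip, now):
            return "blocked"               # rejected before the password is checked
        if success:
            self.failures.pop(ip, None)    # a good login clears the counter
            return "ok"
        recent = [t for t in self.failures[ip] if now - t < FAILURE_WINDOW]
        recent.append(now)
        self.failures[ip] = recent
        if len(recent) >= MAX_FAILURES:
            self.locked_until[ip] = now + LOCK_DURATION
            self.failures.pop(ip, None)
            self.notifications.append((ip, now))
            return "locked"
        return "failed"


def replay(events):
    """Run constructed (minute_offset, ip, success) events through the tracker."""
    start = datetime(2012, 6, 22, 9, 0)
    guard = LoginLockout()
    results = [guard.record(ip, ok, start + timedelta(minutes=m)) for m, ip, ok in events]
    return results, guard.notifications


# Constructed sample traffic (documentation-range IPs), not real log data.
SAMPLE = [(0, "203.0.113.7", False), (1, "203.0.113.7", False),
          (2, "198.51.100.4", False), (3, "198.51.100.4", True),
          (5, "203.0.113.7", True), (62, "203.0.113.7", True)]
```

The fifth event shows that even a correct password is rejected while the block is active, which is what a legitimate user who mistyped twice would see until the 60 minutes pass or the address is manually unblocked.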
I was a victim of a few attacks per day, but now I have blocked every IP address that has tried and failed, so I am down to maybe one attack a month, if that. Take security and hacking very seriously: it can happen to anyone, and doing the above steps, aside from backing up your site, will protect all your hard work.
andre.ramos
Very well done! Thank you! I'll do it with all of my blogs from now on. My passwords aren't good; I'll change them too! Being hacked means losing money, and I'm sure nobody here wants it!