Protecting Your WordPress Site From Hackers

Last Update: June 22, 2012
As most of you WordPress site owners may know, hacking has been on the rise recently. My site has been attacked quite often, and in this blog I am going to show you exactly how I protect my site from these attacks.

First, I installed a plugin called "Login Lock". This plugin is excellent: it enforces strong password policies, monitors login attempts, and blocks IP addresses after too many failed login attempts. You can set how many attempts someone can make before their IP is temporarily blocked. I have it set to two attempts. Here is an overview of the other features this plugin has:

1. Enforces strong password selection policies.
2. Monitors login attempts.
3. Blocks IP addresses for too many failed login attempts.
4. Lets you manually unblock IP addresses at any time.
5. Lets you forcibly log out all users immediately and require that they all change their passwords before logging back in.
6. Lets you forcibly log out idle users after a configurable number of minutes.

Enforce Strong Password Policies

Define which types of characters must be used in passwords.
Define the minimum required password length.
Define how long a password is valid before it must be changed.
Prevent users from reusing the same passwords repeatedly.
Prevent users from choosing common passwords, includes a list of more than 3100 common passwords.

Emergency Lock Down

"If your site is ever hacked then you probably need to make sure the intruder is forced to logout and is no longer able to log back in to your site."

Login Lock provides an emergency “panic button” that, when used, immediately logs out all users, resets all user passwords to a random value, and sends each user an email message informing them that they must change their password before logging back in to your site.

Secondly, I use a tool called LastPass manager, which is completely free. This tool will create passwords, even encrypted passwords, and store them for you. It's basically a powerful online password manager and form filler. If you have dozens of sites and other locations online where you need to log in, this free tool is a massive time saver. And really, who can remember hundreds of encrypted passwords? I have used this tool for a few years now with no issues whatsoever.

So you add the Login Lock plugin to your WordPress site. You then create a very strong password that includes characters and symbols. I use about 15 characters total.

If someone attempts to log in to or hack your WordPress site, the plugin will notify you via email and lock the IP out of your site for 60 minutes. Once you receive this notification, you then go to your hosting service and ban that IP address. It's really that easy to protect yourself.
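The lockout behaviour described above (two failed attempts, then a 60-minute block for that IP), modelled as an added example. This is not Login Lock's code: the class and function names, the 15-minute failure window and the sample events are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict

class LoginLockout:
    """Per-IP lockout: N failures inside a window block the IP for a fixed time."""

    def __init__(self, max_failures=2, lockout_seconds=3600, window_seconds=900):
        self.max_failures = max_failures        # the post's setting: two attempts
        self.lockout_seconds = lockout_seconds  # the post's 60-minute block
        self.window_seconds = window_seconds    # assumption: not stated in the post
        self._failures = defaultdict(list)      # ip -> timestamps of recent failures
        self._locked_until = {}                 # ip -> time at which the block ends
        self.lock_events = []                   # (ip, time): what the alert e-mail reports

    def is_locked(self, ip, now):
        until = self._locked_until.get(ip)
        if until is not None and now >= until:
            del self._locked_until[ip]          # block has expired
            return False
        return until is not None

    def record(self, ip, success, now):
        if self.is_locked(ip, now):
            return "blocked"                    # refused even with the right password
        if success:
            self._failures.pop(ip, None)        # a good login clears the counter
            return "ok"
        recent = [t for t in self._failures[ip] if now - t < self.window_seconds]
        recent.append(now)
        if len(recent) < self.max_failures:
            self._failures[ip] = recent
            return "failed"
        self._failures.pop(ip, None)
        self._locked_until[ip] = now + self.lockout_seconds
        self.lock_events.append((ip, now))
        return "locked"

    def lock_counts(self):
        """Locks per IP; these are the addresses to ban at the hosting level."""
        return dict(Counter(ip for ip, _ in self.lock_events))

# Constructed sample events: (seconds since start, source IP, password correct?)
EVENTS = [(0, "203.0.113.7", False), (5, "203.0.113.7", False),
          (10, "203.0.113.7", True), (20, "198.51.100.4", False),
          (30, "198.51.100.4", True), (3605, "203.0.113.7", False),
          (3700, "203.0.113.7", False)]

def replay(events):
    guard = LoginLockout()
    return [guard.record(ip, ok, t) for t, ip, ok in events], guard
```

With a limit of two, a legitimate user who mistypes a password twice is blocked for the hour as well, which is why the manual unblock feature matters.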

I was a victim of a few attacks per day, but now I have blocked every IP address that has tried and failed. So now I am down to maybe one attack a month, if that. Take security and hacking very seriously; it can happen to anyone, and doing the above steps, aside from backing up your site, will protect all your hard work.

Recent messages
Amy Farr Premium
Thank you for the direct url.
I did access it via WordPress and downloaded it in the plugin area, that's when I started to play around with it and had issues.
Will try again, thanks so much!!!
David_S Premium
You're very welcome, it's very easy to use and works very well to protect your site. I've used it for quite some time now.
Amy Farr Premium
I just attempted to go to the "login lock" website and my computer blocked it, saying its security is questionable, and my information may be intercepted, exactly what I am trying to avoid? hmmm
Sorry to add that here, just need some assistance please when you have a minute.
David_S Premium
Hi Amy, not sure where you ended up but this is a WordPress plugin http://wordpress.org/extend/plugins/login-lock/ I gave you the direct url so since it's WordPress it shouldn't be questionable. You can also get the plugin downloaded in your plugin download area as well. That's how I get them.
Amy Farr Premium
Thank you! Being new I haven't thought of anything like protection. Will do!
Labman_1 Premium
This is a nice post. I'm sure some folks would appreciate a full tutorial. It sounds like there are a lot of Kaspersky attacks happening right now.
David_S Premium
Thank you, you know it's funny, I never really thought too much about security in the beginning of my site but when I installed lock down on a suggestion I was absolutely shocked at how many attempts there were to hack into my site every day! Most of the culprits were from Australia and Spain. Just figured if there was anyone out there like me who didn't really think much of security, they should. We work very hard on our sites.
andre.ramos Premium
Very well done! Thank you! I'll do it with all of my blogs from now on, my passwords aren't good, I'll change them too! Being hacked means losing money and I'm sure nobody here wants it!
David_S Premium
You're right about that. We work so hard on our sites and they can be hacked in no time. Follow the above steps and make your password encrypted. If you have any questions let me know and I can walk you through it.