It seems that WordPress is a favorite brute force target among website “thieves”. I call them thieves because that is what they do, STEAL. They take your website and use it for their nefarious activities. You loose control of your website and your good name. These criminals can ruin a great website and create untold damage for the owner and loyal readers. Much has been written about website security by those much more knowledgeable than me, but I can speak of my own experience and share what works for me.
My toolbox has 3 must use plugins:
Constant updating and staying tuned in to WordPress security information is a must. I usually check the WordFence website for news and I often times do a Google search about WordPress and the latest threats. Let us not forget the value of strong passwords and unusual wp-admin user names. These two things are the first line of defense for any website.
Upon checking WordFence this morning, their “real-time” WordPress/WordFence protection map states:
“The current frequency of attacks we’re seeing across all WordPress sites running WordFence is 13130 attacks per minute. Map is currently showing 3% of all attacks to avoid overloading your web browser. These statistics and the graph below are continually updated if you stay on this page.”
The hacking attempt numbers change constantly, but it gives you and idea of the scope of the actual threats against WordPress. Keep in mind this is ONLY websites that are protected with WORDFENCE. I submit that we can assume the hacking attempts are far greater than what is reported on the WordFence website.
Yes, I love WordFence and no, I am not an affiliate, so my plug here is because I find WordFence to be a great product, easy to use and offers many options, one being a free version of their WP plugin. The paid versions offer some unique functions, including per country blocking. If you want to block all web traffic from China, then you can do so with a click of the mouse. How awesome is that?
You can set WF to notice you if someone is locked out from a set number failed login attempts, which is usually indicative of hacking. I recommend you check out their website, even if is just to look at their real-time map of hacking attempts.
SweetCaptcha is not only a good captcha program, it is actually fun. It plays well with most other plugins and WP themes. It is easy to use and has a free and paid version as well. I use it on the admin login page, which seems to help slow down the hackers as well as spam bots.
Today is a good day as any to take a little time to review what is in your website security toolbox and see what tools you are using. Evaluate what you are doing and ask yourself if you need to beef up your first lines of defense against hackers, spammers, and cyber crooks.
I want to thank WordFence, SweetCaptcha, and Akismet for offering free and affordable versions of their plugins, because for me, my shoestring budget needs all the help it can get. It is nice to know that there are good people out there that believe in the good of others and offers useful tools at affordable prices.