Does Your Online Asset, Your WordPress Website, Have Adequate WordPress Security?
Wordfence, a WordPress Security company has reported that WordPress sites are under large bruteforce attacks!
Wordfence said that it noted a huge increase in the size of attack on February 10th. The attack was at a such large scale that they had to throttle the data being generated and displayed on its monitors. Another security company BruteProtect also told WPtavern that they also noted the huge increase in attack.
You can read more of this on http://www.technewsplus.com/wordpress-sites-large-bruteforce-attack/911/
So what is a bruteforce attack? As per Wikipedia (http://en.wikipedia.org/wiki/Brute-force_attack):
In cryptography, a brute-force attack, or exhaustive key search, is a cryptanalytic attack that can, in theory, be used against any encrypted data (except for data encrypted in an information-theoretically secure manner). Such an attack might be utilized when it is not possible to take advantage of other weaknesses in an encryption system (if any exist) that would make the task easier. It consists of systematically checking all possible keys or passwords until the correct one is found. In the worst case, this would involve traversing the entire search space.
So How Do We Minimize Risk Of Bruteforce Attacks?
Well, we could adopt some basic measures:
- Change the username for logging onto WordPress from ‘Admin’ to something else.
- Abandon weak passwords and adopt strong passwords, preferably have a combination of numbers, small and capital alphabets and symbols.
- Limit login attempts. We can define the number of login attempts a user can try to access the site and once the number is exceeded, then the user will be temporarily log out of the site for a pre-defined period of time. We can achieve this using a WordPress plugin like Limit Login Attempts (http://wordpress.org/plugins/limit-login-attempts/).
- Install WordPress Security plugins like Wordfence, Better WP Security, etc. Once the setting are defined, these plugins will help to scan your WordPress site for vulnerabilities, attempt to rectify any weakness detected and alert you.
If you want to find out more about WordPress Security, please feel free to give us a yell at contact us!