As we tweeted yesterday that there’s a widespread attack on WordPress. The medias BBC, ZDNet and all the hosting providers have announced the attack is still in progress on all wordpress installations. The attacks making use of botnet, which appears to have to have more than one hundred thousands computers at its disposal. Their target is simply to find wordpress installations to compromise and later use them to distribute malwares, and further increase the botnet.
Is your WordPress safe ?
There are few things that you need to do to prevent your wordpress from becoming the victim of brute force attack.
1. Change the admin username
If you still using ‘admin’ as the username for your wordpress, change it!
Use your own username as this is the simply guessed by the botnet.
2. Use stronger password
Follow the guide on wordpress for selecting stronger password for your website.
3. Update your wordpress
Updating your wordpress installation and plugin is crucially important.
Those are basic important things you need to do for securing your wordpress sites. If you are looking for plugins to protect your wordpress, you can try wordfence or Better WP Security.
There is also SecureScanPro by PageOne, here are some features it can do
The most efficient plugin that is easiest to use is SecureScanPRO. You don’t need to be a rocket scientist to set it up – and you can have a safe and secure website in minutes.
– It scans your sites for weaknesses.
– Provides instant 1 click fixes for 12 of the most serious issues.
– Automatically checks core wordpress files against wordpress.org for attacked files.
– Scans and Emails you if anything has changed.
– Emails you if anyone tries to hack your site.
– Automatically bans repeated logins.
– Presents a captcha to the login interface to stop bruteforce bots.