It is often seen that most of the WordPress sites   are hacked or damaged by   brute force attacks. Unlike the traditional hacking, brute force attack is a new phenomenon wherein hackers regularly   use random username and password to get access to your website. This hit-and-trial method works most of the times because majority of the site owners don’t have strong login credentials. In most cases, the site owners use the default username ‘Admin’ with any easy password combination like website name, phone number or something which is very easy to guess.

 

By default, WordPress don’t have any login attempt limitation. It allows unlimited login attempts either through the login page or by sending special cookies. So hackers can attempt as many times as they want to login to your website and don’t get halted after a single failed attempt. They can take an overwhelming toll on your server memory causing performance issues. That is why WordPress is not considered as one of the reliable CMS of PHPs.

 

Following are the ways to prevent your website from brute force attacks:

 

1)      Always avoid using the default username ‘Admin‘ while installing WordPress. In case, you already have username ‘Admin’, create a new user with Administrator rights. Log out from website admin and log back into WordPress with a new Administrator, and delete the default user ‘admin‘.

 

2)      While creating your password, always use a strong password combination consisting of upper and lower case characters, numbers and special symbols. Unfortunately, quite often we see the site owners with very weak passwords like abc123, 123456 or something related to their domain.

 

3)      Protect your site using plugins.  There are 3 plugins that I highly recommend – use the one (or two) that meet your needs:

 

  • Limit Login Attempts – This plugin limits the number of login attempts possible both through normal login as well as using auth cookies. For more details, click here.

 

  • Google Authenticator – This plugin gives you two-factor authentication using the Google Authenticator app for Android/iPhone/Blackberry. The two-factor authentication requirement can be enabled on a per-user basis. To know more, click here

 

  • WordFence – This plugin checks if your site is already infected. It does a deep server-side scan of your source code comparing it with the Official WordPress repository for core, themes and plugins. It secures your site and makes it up to 50 times faster.  For further info, click here

 

4)      Always keep your WordPress site updated with the latest version of WordPress and plugins. Most of the times we don’t run WordPress update as there is a possibility of losing the custom coding done in WordPress files. To avoid losing your customization, always put your custom code in a separate file so that even after the WordPress is updated, you won’t lose your custom code.

 

5)      Always download WordPress Plugin and themes from trusted and reliable sources.

 

 

Posted By-

Mohit Saxena

 

Disclaimer: Developer’s Corner Section of ISHIR blog is contributed and maintained by independent developers. The content herein is not necessarily validated by ISHIR.

Leave a Reply

Your email address will not be published. Required fields are marked *

twelve + nineteen =

ISHIR is a globally diversified leading offshore software development company with experience and expertise in a broad range of services and solutions. With 15 years of experience in the IT industry, ISHIR enables cost-effective and dependable software outsourcing solutions. We have over 900 satisfied clients across the globe and matured to become an extension of their internal teams.

We are experts in the field of software development, web design and development, managed cloud services, software testing, application development services and customer software development. India is a sought after market for addressing software development outsourcing requirements for enterprises across the world. ISHIR offers the value add of in-depth knowledge of all the key industries combined with the commitment to innovate and offer next-generation technological advantage. As a renowned custom software development company in India, one of the key differentiators that we offer is to understand our clients’ business objectives and challenges and align the right technology to provide customized solutions.

Headquartered in Dallas, with global delivery center in Noida, India, we are one of the preferred software development companies with a unique combination of skilled people, world-class processes and robust technology. ISHIR has a successful track record of delivering hundreds of projects using various tools and technologies. We have delivered on-time and on-budget custom software development services and application development services. Using our flexible delivery models, we have ensured success in all our offshore outsourcing projects. We have added substantial value and savings for our clients, often exceeding up to 85%, making us a dependable offshore Software Development Company. As a front runner software development company, India, we ensure that we go the extra mile to maximize ROI for our clients and act always as a trusted advisor of our clients.

Help desk software