Large-scale attacks on the Internet are unfortunately nothing new, and the latest brute-force effort is currently targeting usernames and passwords for WordPress sites in an effort to take control of tens of thousands of servers. So if you’re a WordPress user, now is the time to beef up security and ensure you’re doing everything you can to protect your site and content.
HostGator and CloudFlare estimate more than 90,000 IP addresses are currently involved (probably from low-powered home PCs), and that the individual or group involved controls a botnet—a collection of internet-connected programs communicating with each other in order to perform tasks—of more than 100,000. It’s also believed there have been coordinated attacks on virtually every WordPress site hosted on the CloudFlare network alone, focusing on “denial of service” responses.
What can you do immediately to protect your WordPress account? Here are four quick and easy fixes:
- Be sure your username isn’t “admin,” the default username used by every WordPress site. A different username makes it harder for the hackers, who are probably using a dictionary-based program, as they need to find both your username and password.
- Change your password and make it VERY strong. No one should ever be able to just guess what it is.
- Install one of the WordPress plugins that limit the number of login attempts from the same IP address.
- If your site is hosted directly at WordPress.com, turn on the two-factor authentication program to add an extra layer of security.
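
To illustrate the login-attempt limit from the list above, here is an added example (not code from any WordPress plugin or from the companies named here) that counts login POSTs per IP address in a web server access log and also checks for many different addresses trying at once. The thresholds, the log format (Apache/nginx "combined"), and the sample lines are assumptions constructed for the demonstration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
import re

# Matches login POSTs in Apache/nginx "combined" access-log lines.
LOGIN_POST = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "POST /wp-login\.php[ ?]')
MAX_ATTEMPTS = 5               # assumed per-IP limit inside one window
WINDOW = timedelta(minutes=5)  # assumed counting window
DISTRIBUTED_IPS = 4            # assumed: distinct IPs per window that suggest a botnet

def analyze(lines):
    """Return (ips_over_limit, distributed) for chronologically ordered log lines."""
    per_ip = defaultdict(deque)  # ip -> timestamps still inside the window
    recent = deque()             # (timestamp, ip) across all clients
    over_limit, distributed = set(), False
    for line in lines:
        m = LOGIN_POST.match(line)
        if not m:
            continue             # not a login attempt
        ip = m.group(1)
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        q = per_ip[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:
            q.popleft()
        if len(q) > MAX_ATTEMPTS:
            over_limit.add(ip)   # a per-IP limiter would lock this client out
        recent.append((ts, ip))
        while ts - recent[0][0] > WINDOW:
            recent.popleft()
        if len({addr for _, addr in recent}) >= DISTRIBUTED_IPS:
            distributed = True   # many clients, each under the per-IP limit
    return over_limit, distributed

BASE = datetime(2024, 1, 1, 10, 0, tzinfo=timezone.utc)

def make_line(ip, seconds, method="POST", path="/wp-login.php"):
    """Build one constructed log line (documentation-range IPs, not real traffic)."""
    stamp = (BASE + timedelta(seconds=seconds)).strftime("%d/%b/%Y:%H:%M:%S %z")
    return f'{ip} - - [{stamp}] "{method} {path} HTTP/1.1" 200 3120 "-" "Mozilla/5.0"'

# Constructed sample: one noisy client, then five clients with one attempt each.
SAMPLE = [make_line("203.0.113.5", s) for s in range(0, 80, 10)]
SAMPLE += [make_line(f"198.51.100.{n}", 80 + 10 * n) for n in range(1, 6)]

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

The per-IP limit catches the single noisy client, but the five clients that each try once stay under it, which is why the strong password and two-factor steps in the list still matter when the attempts come from tens of thousands of addresses.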