By Nwachi Henry Onyeka. Entry for Haba Naija Business StartUp Package Contest.
WordPress is without doubt the most popular blogging platform used worldwide. Recently, millions of WordPress blogs have come under mass attack. These attacks date as far back as October 2012, when WordPress officially disclosed that at least 50,000 of its blogs had been compromised.
This certainly leaves one question on your mind. Why the attacks? What are the hackers benefiting? A lot, if you ask me. First, WordPress servers have medium to high amounts of bandwidth available, which can be used for various purposes such as launching Denial of Service (DoS) attacks against other servers, serving as bots in botnets, etc. The infected WordPress hosts can also be used to infect the visitors of these blogs via security lapses in their browsers (this highlights the importance of having genuine anti-virus software installed).
Hackers are compromising WordPress blogs and turning them into bots which form their botnet (a collection of networked, compromised computers), primarily to gain access to websites across the world, send spam, commit fraud, etc. Next up, I will brief you on how they are getting in.
Hackers get in through what is known as a “brute-force attack”. This attack has one sole aim, which is to try as many username/password combinations as possible in order to get your login credentials. It is as good as someone sitting at their computer trying to guess your Facebook email/password to gain access to it. They get to try a handful per minute; the difference is that using a brute-force attack they can attempt as many as 100,000 combinations in a minute. I think that should give you a clearer understanding of how much of a threat these hacks are. Also, since your blog is now getting this high number of login attempts, it becomes slow and hard to access, and in the worst-case scenario your host may have to suspend your hosting due to the added load your blog is putting on their server.
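An added example, not part of the original post: a short Python script a blog owner could use to spot this kind of login flood in a web server access log, by counting failed POSTs to wp-login.php per client per minute. The log lines are constructed, and the threshold of 5 and the log format (Apache/Nginx "combined") are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

def _line(ip, ts, method, path, status):
    # Helper that builds one constructed "combined"-format log line.
    return f'{ip} - - [{ts} +0000] "{method} {path} HTTP/1.1" {status} 1024 "-" "-"'

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = "\n".join(
    # One client guessing passwords: six failed logins inside one minute.
    [_line("203.0.113.7", f"12/Apr/2013:10:15:{s:02d}", "POST", "/wp-login.php", 200)
     for s in range(0, 60, 10)]
    # The same client once more in the next minute (below the threshold).
    + [_line("203.0.113.7", "12/Apr/2013:10:16:00", "POST", "/wp-login.php", 200)]
    # A real user: loads the form, mistypes once, then logs in.
    + [_line("198.51.100.20", "12/Apr/2013:10:15:02", "GET", "/wp-login.php", 200),
       _line("198.51.100.20", "12/Apr/2013:10:15:05", "POST", "/wp-login.php", 200),
       _line("198.51.100.20", "12/Apr/2013:10:15:20", "POST", "/wp-login.php", 302)]
)

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def failed_login_bursts(log_text, threshold=5):
    """Return {(ip, minute): count} for clients with at least `threshold`
    failed WordPress logins inside a single clock minute."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m["path"].split("?")[0]
        if m["method"] != "POST" or not path.endswith("/wp-login.php"):
            continue  # only login submissions are of interest
        # Assumption: a default WordPress login page answers a failed login
        # with 200 (form shown again) and a successful one with a 302 redirect.
        if m["status"] != "200":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        counts[(m["ip"], ts.strftime("%Y-%m-%d %H:%M"))] += 1
    return {key: n for key, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for (ip, minute), n in failed_login_bursts(SAMPLE_LOG).items():
        print(f"{ip} made {n} failed logins during {minute}")
```

A real user who mistypes a password once stays far below the threshold, so only the guessing client is reported.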
Now that we have an understanding of what these attacks are and the reasons why they are carried out, the main purpose of this write-up must be discussed: how to protect your WordPress blog from hackers. The sections that follow discuss 4 easy protections against these attacks, one at a time.
First, kindly change the default “admin” username which is given to new WordPress blogs.
Step 1: Log in to your WordPress admin panel.
Step 2: Select the “Users” area from your sidebar and click on “Add new user”.
Step 3: Fill in the form and choose “Administrator” from the “Role” drop-down list. You will need an email address different from the one already linked to the blog. Click “Add new user” when done.
Step 4: Log out of WordPress.
Step 5: Log in with the credentials of the new admin account just created.
Step 6: Go to the “Users” menu from the dashboard.
Step 7: Delete the previous admin account. You will then be asked about the articles posted under the previous admin username. Select the option “Attribute all posts & links to:”, then select the new username. Lastly, click “Confirm deletion”. You are done with changing the admin
Secondly, a secure password should be chosen. Research shows that these passwords are among the most used: admin, admin123, 123456, 123123, 123456789, password, root, 1234, qwerty, welcome, pass, abc123, 1111, test, iloveyou. All of these are obviously easy-to-guess passwords.
If you aren’t so good at creating difficult-to-guess yet easy-to-remember passwords, you can just create one very strong password which you won’t forget, something like will_i_@m7, and open an account with Lastpass.com (which is a very secure password storage site). In this case you just need your will_i_@m7 password to log in to LastPass and access the numerous passwords you have stored there.
Thirdly, install WordPress security plugins. They usually offer free security. Please install ONLY those that have positive reviews from their users and that are regularly updated.
A few I would recommend are Akismet (prevents spam), Better WP Security (for securing your WordPress blog), Wordfence Security (firewall and anti-virus plugin), and Duo for WordPress (two-factor authentication).
Last but not least, regularly update everything. Installed plugins are compromised regularly, i.e. flaws are discovered in them, and security patches are added to the updated versions. It is important to get these new versions installed. You may use WP Updates Notifier (get notified via email when there are updates) …
Thanks for taking the time to read through this post. I hope I have done the little I could in informing you of steps to make your WordPress blog more secure. Thanks.