WordPress Login Security

WordPress remains a very secure and stable blogging platform, but there is more that can be done out of the box to help protect your private data. There are many simple steps that can be taken, even by the inexperienced blog owner and a multitude of plug-ins available that can help. Once thing to be particularly aware of is brute force attacks. Brute force login attempts are one of the more common, rather annoying and potentially dangerous types that can occur.

Brute force happens when an attacker targets the login screen for your blog and repeatedly attempts to guess the username and password to gain access. By default, WordPress allows you to type in incorrect usernames and passwords infinitely. Since there is nothing to stop the attacker, they can try for minutes or hours entering a dictionary list of names and simple passwords in the hope of just stumbling upon the correct one. Installing something as simple as the “Login Lockdown” plug-in can combat this.

The plug in works by limiting the number of attempts you can make to enter your username and password in a given timeframe (typically 3 tries in a 5 minute period). Once that limit is reached, the IP address of the potential attacker is blocked for up to an hour. This is usually enough to discourage the would be hacker and make them move on to a different target. There are many plug-ins that can do this, but we recommend the plugin is recommended for three reasons:

  1. Easy to set up
  2. Easy to administrate
  3. It just plain works!

Brian Yurick

Need help installing, upgrading or optimizing your WordPress blog or site? http://easywordpressinstall.com can help. Try us out!

This entry was posted in Articles, Plugins and tagged , , , . Bookmark the permalink.

One Response to WordPress Login Security

  1. Mark says:

    For those who think that you don’t need to secure WordPress, here are some stats that might open your eyes WordPress Security Statistics — read those stats and then go secure your blog!

Leave a Reply

Your email address will not be published. Required fields are marked *