WordPress Security

LJSHost · Jul 5, 2016

Due to the popularity of WordPress it is often the target of hackers. It is a common misconception that WordPress is not a secure content platform but when managed correctly you should not have any security issues. This guide will provide you with all the information you need to keep your WordPress secure.

Brute Force Protection

Many WordPress attacks are done by trying to login to your admin area using many different passwords until they get a match. This is easily combated by using a brute force protection plugin, it will block access from the attacker's IP address for a period of time, blocking them from continuing to attack your site. You can even blacklist repeated offenders. The Brute Force Protection plugin is recommended.

Exploits

Attackers can force access to your site by exploiting bugs in old versions of WordPress, plugins and themes which have not been updated. It is recommend you update your WordPress installation when a new release is issued and keep your plugins and themes updated to the latest version. Keeping your WordPress updated is easy and only takes a few clicks when updates are available.

Paul Wellner Bou · Jul 5, 2016

LJSHost said:
Due to the popularity of WordPress it is often the target of hackers. It is a common misconception that WordPress is not a secure content platform but when managed correctly you should not have any security issues. This guide will provide you with all the information you need to keep your WordPress secure.

Brute Force Protection

Many WordPress attacks are done by trying to login to your admin area using many different passwords until they get a match. This is easily combated by using a brute force protection plugin, it will block access from the attacker's IP address for a period of time, blocking them from continuing to attack your site. You can even blacklist repeated offenders. The Brute Force Protection plugin is recommended.

Exploits

Attackers can force access to your site by exploiting bugs in old versions of WordPress, plugins and themes which have not been updated. It is recommend you update your WordPress installation when a new release is issued and keep your plugins and themes updated to the latest version. Keeping your WordPress updated is easy and only takes a few clicks when updates are available.

Exactly I often update my Wordpress version when a latest version is released.

Beside using a wordpress plugin, there is an alternative to stop Brute Force? What about pingpack and trackback? I heard that it helped hackers to attack WP sites, right?

LJSHost · Jul 5, 2016

Those tools could be useful for hackers yes.

An alternative to the brute force plugin would be to block access to WordPress admin page by using .htaccess to require a password to proceed to your admin login page.
This solution can also be used with a brute force plugin for an additional layer of security.

VirtuBox · Jul 5, 2016

A very good post about WordPress security at KeyCDN blog here

But to answer to the thread, you should use a software solution like fail2ban instead of a plugin, as each plugin can be another security breach.

fwh · Jul 6, 2016

Thanks LJSHost for cool post!

I would add a way to secure your wordpress site is block your wp-admin by htaccess file or protecting it by a function in your hosting control panel manager and just allow your IP address access it.

Luxin Host · Jul 6, 2016

One of the major things that each wordpress owner should do is change the login directory to a very long and random string. this will prevent the finding of the admin panel in the first place or at least make it much much harder.

Ilyas · Jul 6, 2016

If you host your website on a vps or dedicated server install config server firewall and comodo WAF ruleset. This will help preventing a lot of attacks.

bknights · Jul 9, 2016

LJSHost said:
Brute Force Protection

Many WordPress attacks are done by trying to login to your admin area using many different passwords until they get a match. This is easily combated by using a brute force protection plugin, it will block access from the attacker's IP address for a period of time, blocking them from continuing to attack your site. You can even blacklist repeated offenders. The Brute Force Protection plugin is recommended.

I am sure this will work for wordpress sites but not sure it can protect a VPS from Brute Force Attacks

Why don't we use a tool to stop Brute Force Protection on whole VPS instead of using for a WP site?

LJSHost · Jul 9, 2016

Application layer and Operating systems layers are two different things but they do share the same brute force security solutions,
If a VPS has its own firewall this will block access to repeated login attempt's to mail and other system services, but access control to an application such as wordpress requires it's own security, as others have also said it's best double up the security using .htaccess controls also.

ulterios · Aug 26, 2016

LJSHost said:
Due to the popularity of WordPress it is often the target of hackers. It is a common misconception that WordPress is not a secure content platform but when managed correctly you should not have any security issues. This guide will provide you with all the information you need to keep your WordPress secure.

Brute Force Protection

Many WordPress attacks are done by trying to login to your admin area using many different passwords until they get a match. This is easily combated by using a brute force protection plugin, it will block access from the attacker's IP address for a period of time, blocking them from continuing to attack your site. You can even blacklist repeated offenders. The Brute Force Protection plugin is recommended.

Exploits

Attackers can force access to your site by exploiting bugs in old versions of WordPress, plugins and themes which have not been updated. It is recommend you update your WordPress installation when a new release is issued and keep your plugins and themes updated to the latest version. Keeping your WordPress updated is easy and only takes a few clicks when updates are available.

Great information LJSHost! I don't think most people worry about the security of their WordPress websites or blogs until AFTER they have had a security problem. It's always a good idea to plan to help prevent security problems BEFORE they happen and not after like way too many people do.

Also, thanks for sharing the Brute Force plugin. I wasn't aware of that particular one myself.

UltratechHost · Sep 1, 2016

Great post LJSHost!, But i don't think that most of newbie cares about there website security that much as they tries to earn money through it

praveenk · Oct 9, 2016

Nice post, basically Wordpress is secured but theme and plugins used in Wordpress caused problem, therefore be careful while using any new theme or plugins and try to install unwanted themes and plugins.

Gecko · Jan 12, 2017

I have had some brute force attacks a couple of years ago and they kept happening a couple times a month or so. Finally I decided to use .htaccess to only allow access to it from my IP and not from other IP's.

This has worked great for stopping the attacks and it's easy to implement, even for people that are new and don't understand many aspects of websites including the .htaccess file.

WordPress Security

LJSHost

Well-known member

Paul Wellner Bou

Well-known member

LJSHost

Well-known member

VirtuBox

Well-known member

fwh

Administrator

Luxin Host

Well-known member

Ilyas

New member

bknights

Well-known member

LJSHost

Well-known member

ulterios

Well-known member

UltratechHost

Member

praveenk

Member

Gecko

Well-known member

Latest posts New threads

Latest posts

New threads

Latest Hosting Offers New Reviews

Latest hosting offers

Popular Contributors - Past 30 Days

Sponsors

Tag Cloud