WordPress Security

LJSHost

Due to the popularity of WordPress it is often the target of hackers. It is a common misconception that WordPress is not a secure content platform but when managed correctly you should not have any security issues. This guide will provide you with all the information you need to keep your WordPress secure.


Brute Force Protection


Many WordPress attacks are done by trying to log in to your admin area using many different passwords until they get a match. This is easily combated by using a brute force protection plugin; it will block access from the attacker's IP address for a period of time, blocking them from continuing to attack your site. You can even blacklist repeated offenders. The Brute Force Protection plugin is recommended.


Exploits


Attackers can force access to your site by exploiting bugs in old versions of WordPress, plugins and themes which have not been updated. It is recommended that you update your WordPress installation when a new release is issued and keep your plugins and themes updated to the latest version. Keeping your WordPress updated is easy and only takes a few clicks when updates are available.
 

Paul Wellner Bou

Exactly, I often update my WordPress version when the latest version is released.

Besides using a WordPress plugin, is there an alternative to stop brute force? What about pingback and trackback? I heard that they help hackers attack WP sites, right?
 

LJSHost

Those tools could be useful for hackers, yes.

An alternative to the brute force plugin would be to block access to the WordPress admin page by using .htaccess to require a password to proceed to your admin login page.
This solution can also be used with a brute force plugin for an additional layer of security.
 

VirtuBox

A very good post about WordPress security at KeyCDN blog here

But to answer the thread, you should use a software solution like fail2ban instead of a plugin, as each plugin can be another security breach.
 

fwh

Thanks LJSHost for the cool post!

I would add that a way to secure your WordPress site is to block your wp-admin with an .htaccess file, or protect it with a function in your hosting control panel manager, and just allow your IP address to access it.
 

Ilyas

If you host your website on a VPS or dedicated server, install ConfigServer Firewall and the Comodo WAF ruleset. This will help prevent a lot of attacks.
 

bknights

I am sure this will work for WordPress sites, but I am not sure it can protect a VPS from brute force attacks.

Why don't we use a tool to stop Brute Force Protection on the whole VPS instead of using it for a WP site?
 

LJSHost

The application layer and the operating system layer are two different things, but they do share the same brute force security solutions.
If a VPS has its own firewall, this will block access to repeated login attempts to mail and other system services, but access control to an application such as WordPress requires its own security. As others have also said, it's best to double up the security using .htaccess controls also.
 

ulterios

Great information LJSHost! I don't think most people worry about the security of their WordPress websites or blogs until AFTER they have had a security problem. It's always a good idea to plan to help prevent security problems BEFORE they happen and not after like way too many people do.

Also, thanks for sharing the Brute Force plugin. I wasn't aware of that particular one myself. ;)
 

UltratechHost

Great post LJSHost! But I don't think that most newbies care about their website security that much, as they try to earn money through it.
 

praveenk

Nice post. Basically WordPress is secured, but themes and plugins used in WordPress cause problems; therefore be careful while using any new theme or plugins and try to install unwanted themes and plugins.
 

Gecko

I have had some brute force attacks a couple of years ago and they kept happening a couple of times a month or so. Finally I decided to use .htaccess to only allow access to it from my IP and not from other IPs.

This has worked great for stopping the attacks and it's easy to implement, even for people that are new and don't understand many aspects of websites including the .htaccess file.
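
The .htaccess controls suggested in this thread (a password prompt in front of the login page, and an IP allow-list for wp-admin), written out as an added example that is not from any poster. It assumes Apache 2.4; the password file path and the IP address are placeholders.

```apache
# ---- File 1: .htaccess in the WordPress root ----
# wp-login.php lives in the site root, not in wp-admin/, so the login
# form needs its own rule here.
# Password prompt before the WordPress login form is even served.
# Assumption: /home/example/.htpasswd is a placeholder path outside the
# web root, created beforehand with the htpasswd utility.
<Files "wp-login.php">
    AuthType Basic
    AuthName "Restricted"
    AuthUserFile /home/example/.htpasswd
    Require valid-user
</Files>

# ---- File 2: wp-admin/.htaccess ----
# Only the listed address may reach the admin area.
# 203.0.113.10 is a documentation-range placeholder; use your own IP.
Require ip 203.0.113.10

# Some themes and plugins call admin-ajax.php from visitors' browsers
# for front-end features, so that single file stays reachable.
<Files "admin-ajax.php">
    Require all granted
</Files>

# ---- Optional: both layers on the login form ----
# To demand the password AND the allowed IP, replace the single
# "Require valid-user" line in File 1 with:
#
#   <RequireAll>
#       Require valid-user
#       Require ip 203.0.113.10
#   </RequireAll>
#
# Apache 2.2 does not understand "Require ip"; it uses
# "Order deny,allow", "Deny from all" and "Allow from <address>".
```

An IP allow-list locks you out when your own address changes, so keep another way to edit the file (FTP/SSH or the hosting control panel) available.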
 