Basic security measures to keep your WordPress admin area safe
Friday, December 4th, 2009
Nobody WANTS to have their blog hacked. But without a few basic precautions, you could be practically inviting attackers in without knowing it.
When you install WordPress, you will automatically have a user account named “admin.” Everyone who knows WordPress knows this. And that includes the bad folks who want to get admin access to your site. Because they know that your site probably has an administrator-level account with the username “admin,” half their work is done. Then they just need to figure out your password.
One of the most common attacks on WordPress sites is called “brute force” password guessing. A script will keep trying different password combinations until it finds the correct one. These attacks usually aren’t successful, but sometimes they hit the jackpot – and you don’t want your site to be the lucky winner.
To defend against this type of attack, there are three fairly basic things you can do:
- Have a good password
- Get rid of the “admin” account
- Ban anyone with too many failed login attempts
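
The third measure, sketched as an added example (not from the original post and not WordPress code): a sliding-window counter that bans an IP address once it has too many failed logins. The class name, the thresholds and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class LoginThrottle:
    """Hypothetical helper: bans an IP after too many failed logins in a window."""

    def __init__(self, max_failures=5, window=300, ban_seconds=900):
        self.max_failures = max_failures    # assumed threshold
        self.window = window                # seconds over which failures are counted
        self.ban_seconds = ban_seconds      # how long a ban lasts
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.banned_until = {}              # ip -> time at which the ban expires

    def is_banned(self, ip, now):
        return self.banned_until.get(ip, 0) > now

    def record(self, ip, success, now):
        """Record one attempt; return False if it was refused because of a ban."""
        if self.is_banned(ip, now):
            return False                    # refused even if the password is right
        if success:
            self.failures.pop(ip, None)     # a good login clears the counter
            return True
        recent = self.failures[ip]
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()                # forget failures older than the window
        if len(recent) >= self.max_failures:
            self.banned_until[ip] = now + self.ban_seconds
            del self.failures[ip]
        return True


def replay(events, throttle):
    """Feed (time, ip, success) tuples through the throttle; return refused ones."""
    return [(t, ip) for t, ip, ok in events if not throttle.record(ip, ok, t)]


# Constructed sample: one script guessing every 2 s, one user who mistypes once.
SAMPLE = [(i * 2, "203.0.113.7", False) for i in range(8)]
SAMPLE += [(3, "198.51.100.20", False), (40, "198.51.100.20", True)]
SAMPLE.sort()

if __name__ == "__main__":
    for t, ip in replay(SAMPLE, LoginThrottle()):
        print(f"t={t:>3}s refused attempt from {ip}")
```

Counting failures per address inside a time window keeps an occasional typo from locking out a legitimate user, while a script that guesses continuously reaches the limit quickly.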


