Luckily, you don\u2019t have to be a software sorcerer to be able to protect your virtual property from these pesky invaders. Here are seven ways to\u00a0secure your WordPress website from brute force attacks, starting with the most obvious and easy ones.<\/p>\n\n\n\n
1. Never Use \u2018admin\u2019 as Username:<\/h2>\n\n\n\n
This shouldn\u2019t need a mention. But as this is still a fairly common practice among newbie webmasters, it is indeed worth a mention.<\/p>\n\n\n\n
You see, for both humans and bots trying to infiltrate your website, \u2018admin\u2019 would most likely be the first guess at your username.<\/p>\n\n\n\n
So, when installing WordPress<\/a>, choose any username you like except \u2018admin\u2019.<\/p>\n\n\n\n According to the folks at WordPress, \u201cIf you are still using this username, make a new account, transfer all the posts to that account, and change \u2018admin\u2019 to a subscriber (or delete it entirely<\/em>).\u201d<\/p>\n\n\n\n It doesn\u2019t really matter what you change it to as long as it isn\u2019t \u2018admin\u2019. And even though the Profile section clearly states \u201cUsernames cannot be changed\u201d, they can be.<\/p>\n\n\n\n It\u2019s simple. Being WordPress, there is a plugin for literally everything.<\/p>\n\n\n\n To change usernames, install\u00a0Username Changer<\/a>, a well-acclaimed and easy-to-use plugin. After installing and activating, the above screen would change to as shown below. Easy-peasy.<\/p>\n\n\n\n Again, as blindingly obvious as it gets, don\u2019t use \u201c123456\u201d, \u201cqwerty\u201d, or \u201cpassword\u201d as your password. Such passwords are convenient for you to remember, and likewise, easy to guess for hackers.<\/p>\n\n\n\n Ideally, you should use a combination of uppercase, lowercase, numeric, and special characters to form a long and strong password. Moreover, It\u2019s important that you use strong passwords for not just your WordPress user accounts but also for FTP, web hosting control panel, and your\u00a0WordPress database.<\/p>\n\n\n\n Consider using a password generator<\/a> to do the hard work for you. When allowing multiple users to register on your website, install a plugin like Force Strong Passwords<\/a> to ensure all users are secure.<\/p>\n\n\n\n A good deal of brute force attacks target vulnerabilities known to be present in older versions of WordPress, popular plugins, or themes.<\/p>\n\n\n\n As most of the renowned plugins (and the WordPress core itself) are open source, the vulnerabilities are often detected and fixed very quickly. However, if you tend to overlook pending updates more often than not. Then your website still remains vulnerable to those old hazards.<\/p>\n\n\n\n Staying updated is the easiest thing you can do to secure your WordPress website, so why not? Just go to\u00a0Dashboard<\/strong>\u00a0>>\u00a0Updates<\/strong>\u00a0to keep up to date with the latest updates for WordPress core, plugins, and themes.<\/p>\n\n\n\n As mentioned earlier. Failed brute force attacks can also harm your website by slowing it down or even crashing your hosting server.<\/p>\n\n\n\n To prevent this, you need to setup a firewall for your WordPress website. Essentially, firewall filters and blocks bad traffic from your website. Specifically, you need a DNS level website firewall that routes your website traffic through its cloud proxy servers.<\/p>\n\n\n\n Get the premium version of Sucuri Security<\/a> to leave nothing to chance. It is one of the best firewall (and overall security) plugins for WordPress.<\/p>\n\n\n\n Alternatively, you can secure your WordPress website with a\u00a0server-level firewall\u00a0without using a plugin, too.<\/p>\n\n\n\n As an added layer of security, you can (and should) opt for two-factor authentication (2FA) for your WordPress website.<\/p>\n\n\n\n Basically, 2FA is a small extra step to be taken by you during login that requires you to prove that it\u2019s indeed you trying to log in and not a hacker. For this, a unique code or a unique link will be sent to you (and you alone) via text or email, which you\u2019ll have to enter (or click) in order to confirm your access.<\/p>\n\n\n\n You must be familiar with this process if you\u2019ve ever used banking applications.<\/p>\n\n\n\n Anyway, this is a very effective line of defense against brute force attacks. Plus, it is very easy to set up by using free plugins like\u00a0Google Authenticator<\/a>\u00a0and\u00a0UNLOQ<\/a><\/p>\n\n\n\n By default, the attackers have infinite tries to penetrate your turnstile as WordPress has no limit to the number of login attempts. So they won\u2019t ever get locked out and can keep trying until they hit the jackpot.<\/p>\n\n\n\n And that\u2019s why brute force attacks tend to be so efficacious with WordPress websites in particular.<\/p>\n\n\n\n The solution to this is pretty straightforward: limit the number of login attempts. The most popular way to do this is to install a plugin called Limit Login Attempts Reloaded<\/a>. It blocks an IP address from making further attempts after a specified limit on retries has been reached, rendering a brute force attack ineffective.<\/p>\n\n\n\n Admittedly, you must be tired of hearing this advice, and probably let out a huge dismissive yawn when you read the subtitle.<\/p>\n\n\n\n But get this: losing your website due to lazy backup habits can be your worst nightmare as a webmaster. Imagine years of blood, sweat, and tears to establish an online presence gone in the blink of an eye.<\/p>\n\n\n\n Fortunately, WordPress\u2019s enormous repository of 54,632 plugins comes to the rescue yet again. Take some time to\u00a0create a backup\u00a0of your WordPress website with the help of\u00a0great backup plugins\u00a0like\u00a0UpdraftPlus<\/a>,\u00a0BackWPup<\/a>,\u00a0Duplicator<\/a>.<\/p>\n\n\n\n Brute force attacks are on the rise and WordPress websites are a prime target. Putting these seven easy tactics on how to\u00a0secure your WordPress website\u00a0into practice won\u2019t take much time and will surely boost your website\u2019s security to a nearly impenetrable level.<\/p>\n","protected":false},"excerpt":{"rendered":" A brute force attack is one of the most basic types of cyber attacks which aims at gaining access to websites and applications by repeated trial-and-error and guessing of login credentials. The attackers typically employ automation software which sends a large number of requests to the target system. With each request, the software tries to […]<\/p>\n","protected":false},"author":2,"featured_media":2227,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false},"categories":[77,62,59],"tags":[73,110,88],"jetpack_featured_media_url":"https:\/\/azoora.com\/blog\/wp-content\/uploads\/2019\/04\/Security.png","jetpack_publicize_connections":[],"jetpack_shortlink":"https:\/\/wp.me\/p7FQPL-zT","jetpack-related-posts":[],"jetpack_sharing_enabled":true,"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/azoora.com\/blog\/wp-json\/wp\/v2\/posts\/2225"}],"collection":[{"href":"https:\/\/azoora.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/azoora.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/azoora.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/azoora.com\/blog\/wp-json\/wp\/v2\/comments?post=2225"}],"version-history":[{"count":1,"href":"https:\/\/azoora.com\/blog\/wp-json\/wp\/v2\/posts\/2225\/revisions"}],"predecessor-version":[{"id":2235,"href":"https:\/\/azoora.com\/blog\/wp-json\/wp\/v2\/posts\/2225\/revisions\/2235"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/azoora.com\/blog\/wp-json\/wp\/v2\/media\/2227"}],"wp:attachment":[{"href":"https:\/\/azoora.com\/blog\/wp-json\/wp\/v2\/media?parent=2225"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/azoora.com\/blog\/wp-json\/wp\/v2\/categories?post=2225"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/azoora.com\/blog\/wp-json\/wp\/v2\/tags?post=2225"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![\"\"](\"https:\/\/azoora.com\/blog\/wp-content\/uploads\/2019\/04\/WordPress-Username.png\")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/azoora.com\/blog\/wp-content\/uploads\/2019\/04\/Change-Username.gif\")
<\/figure>\n\n\n\n2. Use Strong Password:<\/h2>\n\n\n\n
![\"\"](\"https:\/\/azoora.com\/blog\/wp-content\/uploads\/2019\/04\/Force-Strong-Passwords.jpg\")
<\/figure>\n\n\n\n3. Always Stay Up-To-Date:<\/h2>\n\n\n\n
![\"\"](\"https:\/\/azoora.com\/blog\/wp-content\/uploads\/2019\/04\/WordPress-Updates.png\")
<\/figure>\n\n\n\n4. Setup Firewall:<\/h2>\n\n\n\n
![\"\"](\"https:\/\/azoora.com\/blog\/wp-content\/uploads\/2019\/04\/WordPress-Sucuri-Firewall.jpg\")
<\/figure>\n\n\n\n5. Enable Two-factor Authentication:<\/h2>\n\n\n\n
![\"\"](\"https:\/\/azoora.com\/blog\/wp-content\/uploads\/2019\/04\/UNLOQ.jpg\")
<\/figure>\n\n\n\n6. Limit Login Attempts:<\/h2>\n\n\n\n
![\"\"](\"https:\/\/azoora.com\/blog\/wp-content\/uploads\/2019\/04\/WordPress-Limit-Login-Attempts-1.png\")
<\/figure>\n\n\n\n7. Backup:<\/h2>\n\n\n\n
![\"\"](\"https:\/\/azoora.com\/blog\/wp-content\/uploads\/2019\/04\/WordPress-Backup.png\")
<\/figure>\n\n\n\nConclusion:<\/h2>\n\n\n\n