WordPress Brute Force Attacks

Just in case you haven’t heard about this in the news, there’s a nasty flare of attacks on WordPress and Joomla sites going on.

Things you can do:

  • If your login password is admin – CHANGE IT NOW!
  • Likewise, beef up your password. Really, make it un-guessable.
  • Install something to slow down a hacker trying to guess their way into your site. Limit Login Attempts is a handy security plugin that does just what it says. (though this isn’t totally foolproof)
  • Keep your WP install up to date.
  • Find out if your hosting company is doing anything to help prevent attacks.
  • Read and follow the advice in the Hardening WordPress documentation.

I’ve been lucky so far, despite some attacks, no one has managed to get into my sites.  Colleagues with sites that get far more traffic than mine have also reported attacks, but have been safe so far.