Safeguarding Your WordPress Website From Brute Force Attacks

Matt Mullenweg article on passwords and brute force

I was alerted to this article by Matt Mullenweg, the founder of WordPress, with regard to a recent spate of brute force attacks on WordPress websites.

Allow me to summarise what Matt says in his article:

  1. If your Administrator username is “admin”, create a new Administrator with a harder-to-guess username, and delete the “admin” username (follow this link for a step-by-step guide to creating a new user in WordPress).
  2. If your password is easy to guess, change it to a strong password (follow this link for suggestions on how to select a strong password).

For a “belt and braces” approach, you could also install the Limit Login Attempts WordPress plugin. The only change you need to make is to increase the “minutes lockout” time to 9999 – this prevents the attacker from trying again for 9999 minutes.
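
To see what the longer lockout buys, here is an added example (not from Matt's article or the plugin's code) that models a per-address login lockout in Python and counts how many password guesses a site actually evaluates in one week. The class and function names, the 4-retry limit, the 20-minute baseline and the 198.51.100.x addresses are assumptions constructed for illustration.

```python
from collections import defaultdict


class LoginLimiter:
    """Per-address lockout model (an assumption, not the plugin's code):
    after `retries` failed logins from one address, further attempts from
    that address are refused for `lockout_minutes`."""

    def __init__(self, retries, lockout_minutes):
        self.retries = retries
        self.lockout = lockout_minutes
        self.failures = defaultdict(int)  # address -> failures since last lockout
        self.locked_until = {}            # address -> minute the lockout ends

    def attempt(self, address, minute, password_ok=False):
        """Return 'locked', 'ok' or 'failed' for a login made at `minute`."""
        if minute < self.locked_until.get(address, 0):
            return "locked"               # refused before the password is checked
        if password_ok:
            self.failures[address] = 0
            return "ok"
        self.failures[address] += 1
        if self.failures[address] >= self.retries:
            self.failures[address] = 0
            self.locked_until[address] = minute + self.lockout
        return "failed"


def guesses_checked(retries, lockout_minutes, addresses, minutes=7 * 24 * 60):
    """Count the wrong passwords the site evaluates in `minutes` when each
    address submits one wrong password per minute (constructed traffic)."""
    limiter = LoginLimiter(retries, lockout_minutes)
    checked = 0
    for minute in range(minutes):
        for n in range(addresses):
            if limiter.attempt(f"198.51.100.{n}", minute) == "failed":
                checked += 1
    return checked


if __name__ == "__main__":
    for lockout, addresses in [(20, 1), (9999, 1), (9999, 50)]:
        total = guesses_checked(4, lockout, addresses)
        print(f"lockout={lockout:>4} min, addresses={addresses:>2}: "
              f"{total} guesses evaluated in a week")
```

Under these assumptions a single address gets 1756 guesses a week with a 20-minute lockout but only 8 with 9999 minutes. The total still grows with the number of source addresses, which is why the username and password changes in steps 1 and 2 remain necessary alongside the plugin.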
