Safeguarding Your WordPress Website From Brute Force Attacks

Matt Mullenweg article on passwords and brute force

I was alerted to this article by Matt Mullenweg, the founder of WordPress, with regard to a recent spate of brute force attacks on WordPress websites.

As an introvert in business, I rely heavily on my online presence – and in particular on my website – and I felt it was important to share this information with The Quiet Entrepreneur community, who could well be in the same boat.

Allow me to summarise what Matt says in his article:

  1. If your Administrator username is “admin”, create a new Administrator, with a harder-to-guess username, and delete the “admin” username (follow this link for a step-by-step guide to creating a new user in WordPress
  2. If your password is easy to guess, change it to a strong password (follow this link for suggestions on how to select a strong password)

For a “belt and braces” approach, I’ve installed the Limit Login Attemps WordPress plugin. The only change I made was to increase the “minutes lockout” time to 9999 – this prevents the attacker from trying again for 9999 minutes.


About the author Julia Barnickle - The Quiet EntrepreneurJulia Barnickle is a film maker, photographer, artist and writer, and the founder of The Quiet Entrepreneur community for introverts in business. She offers visibility coaching to raise your online profile, and helps you create videos to promote and deliver your services.

Follow Julia on Instagram | Youtube | Twitter | or on her website.

2 comments… add one

Leave a Comment

CommentLuv badge