WordPress is currently under attack from a botnet, and you need to make certain that your WordPress blog is secure! How is this happening, you might be asking? Hackers build malicious software (malware) that turns infected computers into bots ("bot" is short for robot), and a network of such bots is a botnet. When your computer is infected, it can carry out tasks over the Internet while you remain totally oblivious to the fact that the bots exist.
When such horrible events happen, you want to make sure that your WordPress blog accounts are not affected, as well as your computer. The best way to prevent botnet attacks is to add an extra layer of defense. You can do this by taking the extra security precautions listed below, which can save all the hard work that went into your WordPress blog.
Do you (personally) or your company have a WordPress blog? If so, here is a list of things to consider to protect yourself from the headache of a hacker or botnet attack:
- Change your Admin Username: I can’t tell you how much this alone will help. Change your Admin login Username!! Attackers go after the weak, and by weak I mean the weakest usernames and passwords.
- Make your password difficult: It might be a pain to remember a password you made for security reasons (using $#@%^&* in it), but it’s well worth it in the end! A mix of characters can really create a top-notch password that is very difficult for bots to discover. Take a look at the password guidance recommended by WordPress.
- Take advantage of 2-Factor Authentication on WordPress.com: If you don’t have a WordPress account, register for one; it takes 2 minutes. Once you have a WordPress account you can take advantage of their 2-step authentication security measure. This adds extra security to your admin login process by making sure that you are not a bot.
- Protect your computer: I’ve seen a lot of help guides on this topic, and not many of them tell you how to protect yourself from the source of the problem! Make sure you have reliable anti-virus and anti-malware software that will help protect you from such issues arising.
- Install a Security Plugin: Make sure you have a solid security plugin that will keep your WordPress blog safe from unwanted attacks. Wordfence is a great security plugin that can create a safe environment. Better WP Security might also help you keep out those extra intruders. (If you are a beginner at WordPress CMS you need to be careful with this plugin, as selecting certain options can change settings in ways that break your WordPress blog. So be VERY CAREFUL when using this plugin!) Once you understand how to use this plugin, you can change many things that benefit your WordPress blog, such as your admin area. You can set a special login URL for your admin login (be careful with this; you don’t want to get locked out of your own WordPress blog!). This gives you a little added comfort, knowing that some attackers can’t even see your admin login area to attempt a login. See which plugin you like and use it, as it can help your WordPress blog stay secure.
- Secure Your Admin Login: *Note: if you have installed Better WP Security and have turned on the SSL (Secure Sockets Layer) admin login, you don’t need this plugin. However, if you haven’t installed Better WP Security and your admin login area is not currently protected by SSL, then you can use Really Simple SSL. *Note: in order to use this plugin you must first make sure that you have SSL enabled on your website. Host Gator does a good job of explaining the process. If you’re not using Host Gator, make sure to ask your hosting company how to enable SSL for your domain. Some SSL certificates are billed annually, others monthly, but Host Gator is FREE if you purchase the business package. Also, you will need to use Apache mod_rewrite rules. When changing your website to SSL, also make sure to follow these WordPress implementation rules: HTTPS For WordPress
- Change the WordPress Database Prefix to Improve Security: When you’re installing WordPress you can set up your Database Prefix to a specific name so it’s harder for hackers to access your database. If you haven’t done this & want to complete it, here is a great resource that can help you: How to Change Database Prefix to Improve Security.
- Security Keys: Make sure to add your security keys as discussed here: Security Keys. This can also help defend your WordPress CMS and make it a little more difficult to break into with such encryption. Make sure to use the WordPress security key generator to make specific keys just for your file. Just read through and begin the process; it is very simple to complete. If you have any questions about it, don’t hesitate to ask us.
- Lock Down WordPress Admin Login with .htaccess: Being able to lock down the WordPress admin login is key to fighting brute force attacks! One way is to allow only a single IP address to access the admin login. Check out InMotionHosting’s explanation of how it’s done. You can also use multiple IP addresses if necessary. Make sure to keep all the Rewrites within the <IfModule mod_rewrite.c> YOUR CODE </IfModule>. Stack Overflow’s forum post might help with explaining multiple rewrite rules. If you don’t know what you are doing, don’t do it! Ask your hosting company or web developer to assist. You can break your website by messing with the .htaccess file. FOREWARNING: be careful, and always make backups before making changes!!
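The .htaccess lock-down and the HTTPS admin login described in the list above can look like the following. This is an example added here, not code from the original post or from InMotionHosting. It assumes WordPress is installed at the site root on Apache with mod_rewrite and .htaccess overrides enabled, and the two IP addresses are placeholders from the documentation ranges that you must replace with your own.

```apache
# Added example: place this ABOVE the "# BEGIN WordPress" block in .htaccess.
# Back up the existing .htaccess before editing it.
<IfModule mod_rewrite.c>
RewriteEngine On

# 1) Allow the login page and admin area only from listed addresses.
#    Conditions are ANDed: the rule fires for login/admin requests
#    whose client address matches none of the allowed IPs.
RewriteCond %{REQUEST_URI} ^/(wp-login\.php|wp-admin/) [NC]
# admin-ajax.php is called by front-end features for ordinary
# visitors, so it is left reachable.
RewriteCond %{REQUEST_URI} !^/wp-admin/admin-ajax\.php$ [NC]
# Placeholder addresses (assumptions); add one line per allowed IP.
RewriteCond %{REMOTE_ADDR} !^203\.0\.113\.10$
RewriteCond %{REMOTE_ADDR} !^198\.51\.100\.25$
# "-" means no substitution; F answers 403 Forbidden and stops.
RewriteRule ^ - [F,L]

# 2) Send allowed clients that reach the login or admin area over
#    plain HTTP to HTTPS. Requires SSL to be enabled for the domain.
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} ^/(wp-login\.php|wp-admin/) [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
```

If the site sits behind a CDN or reverse proxy, %{REMOTE_ADDR} is the proxy's address and %{HTTPS} may read off even for HTTPS visitors, so check both with your host before relying on these rules. An allow-list also locks you out when your own IP address changes, so keep another way to edit the file (FTP or the hosting control panel).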
We will continue to add more security measures to this list in the future, but those are the most important as of right now. We hope this helps you in your future business and blogging ventures.