Protect your WordPress site now

As we speak, WordPress sites across the internet are under heavy attack from a botnet of roughly 90,000 computers.  Fortunately, you’re rather unlikely to have any issues if you’ve been following even just basic security practices.  Specifically, these bots are simply hammering away at servers by trying the username “admin” along with as many password combinations as they can come up with.  If your site doesn’t use the “admin” username, or if you already have a very solid password, you’re in good shape.

However, there are a few things you can do to protect yourself even further (which we’ve already taken care of for any GreenMellen customers that are on one of our maintenance plans):

Install the “Better WP Security” plugin

You can download this free plugin here, then install it on your site.  While it has a lot of great features that you should consider implementing, the main one we need in this case is the “Enable Login Limits” option under the “Login” tab.  This will block users from logging in if they fail five times in a row (or whatever number you select).  In the case of the bots that are trying hundreds or thousands of times, this will stop them very quickly.
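To see which visitors a five-failures-in-a-row limit would cut off, you can replay your web server's access log through the same rule. This is an added example, not code from the plugin; it assumes Combined Log Format and that a stock `wp-login.php` answers a successful login with a 302 redirect and a failed one with a 200, and the log lines and IP addresses are constructed.

```python
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "METHOD path PROTO" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def find_lockouts(lines, max_failures=5):
    """Replay login POSTs and apply an N-failures-in-a-row rule per source IP.

    Returns {ip: login attempts that arrived after the lockout point}.
    Assumption: 302 = successful login, any other status = failed attempt.
    """
    streak = defaultdict(int)   # consecutive failures per IP
    blocked = {}                # ip -> attempts the limit would have refused
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue            # skip lines that are not in the expected format
        ip, method, path, status = m.groups()
        if method != "POST" or path.split("?")[0] != "/wp-login.php":
            continue            # only credential submissions count
        if ip in blocked:
            blocked[ip] += 1
        elif status == "302":
            streak[ip] = 0      # a good login resets the counter
        else:
            streak[ip] += 1
            if streak[ip] >= max_failures:
                blocked[ip] = 0
    return blocked

def _line(ip, status, method="POST"):
    # Helper that builds one constructed log line (hypothetical sample data).
    return (f'{ip} - - [01/Jan/2024:10:00:00 +0000] '
            f'"{method} /wp-login.php HTTP/1.1" {status} 2345 "-" "-"')

BOT, USER = "203.0.113.7", "198.51.100.20"     # documentation-range addresses
SAMPLE_LOG = (
    [_line(BOT, 200)] * 8                       # eight failed guesses in a row
    + [_line(USER, 200), _line(USER, 200)]      # real user mistypes twice
    + [_line(USER, 302)]                        # then logs in successfully
    + [_line(USER, 200), _line(USER, 200)]      # two later typos, streak restarts
    + [_line(USER, 200, method="GET")]          # viewing the form is ignored
)

if __name__ == "__main__":
    for ip, refused in find_lockouts(SAMPLE_LOG).items():
        print(f"{ip} would be locked out; {refused} further attempts refused")
```

Point `find_lockouts` at the lines of your own access log to judge whether the threshold you picked would catch the bots without locking out legitimate users who mistype a password now and then.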



While it’s not specifically designed to help with this attack, the popular Sucuri plugin is another one you should probably install.  Have it scan your site to make sure you’re clean, then choose the “1-click hardening” tab to tighten up your security a bit further.


Other tips

Of course, all of the normal WordPress security tips still apply here, and can help protect you against the next threat in the future.

Stay updated: Whether you pay a company to handle it for you or you do it yourself, keep your site and plug-ins updated all the time.

Use solid hosting: There are a lot of great hosts out there that will help protect you.  Avoid lazy hosts like GoDaddy and choose someone solid like HostGator or ClickHost.

Keep things backed up: The only way to keep your website 100% safe is to not have one.  While the tips above will keep you safe 99.9% of the time, if you’re online there’s always a chance of something going wrong.  In the event of that happening, make sure you have a good backup copy of your site.

While this attack isn’t of direct concern to most of us, it is causing some secondary headaches.  Because web hosting companies are under such attack right now, a lot of sites are loading slower as a result of the increased load.  Things seem to be getting under control, but be patient with your host as they work through these issues.

Do you have any other tips to help slow down these attacks?

Mickey Mellen

Co-Founder and Technical Director

    • Thanks for the link — they’re certainly proving to be a great tool to use. Your advice about not using “admin” as the username was spot on, too!

  1. I use Limit Login Attempts on my website and I use 1Password to create and manage strong passwords. Cloudflare posted on their blog that they are able to detect and block the brute force attacks. Plus they can boost the performance of your WordPress site.
