Skip to main content

Protect your WordPress site now

As we speak, WordPress sites across the internet are under heavy attack from a botnet of roughly 90,000 computers.  Fortunately, you’re rather unlikely to have any issues if you’ve been following even just basic security practices.  Specifically, these bots are simply hammering away at servers by trying the username “admin” along with as many password combinations as they can come up with.  If your site doesn’t use the “admin” username, or if you already have a very solid password, you’re in good shape.

However, there are a few things you can do to protect yourself even further (which we’ve already taken care of for any GreenMellen customers that are on one of our maintenance plans):

Install the “Better WP Security” plugin

You can download this free plugin here, then install it on your site.  While it has a lot of great features that you should consider implementing, the main one we need in this case is the “Enable Login Limits” under the “Login” tab.  This will block users from logging in if they fail five times in a row (or whatever number you select).  In the case of the bots that are trying hundreds or thousands of times, this will stop them very quickly.



While it’s not specifically designed to help with this attack, the popular Sucuri plugin is another one you should probably install.  Have it scan your site to make sure you’re clean, then choose the “1-click hardening” tab to tighten up your security a bit further.


Other tips

Of course, all of the normal WordPress security tips still apply here, and can help protect you against the next threat in the future.

Stay updated: Whether you pay a company to handle it for you or you do it yourself, keep your site and plug-ins updated all the time.

Use solid hosting: There are a lot of great hosts out there that will help protect you.  Avoid lazy hosts like GoDaddy and choose someone solid like HostGator or ClickHost.

Keep things backed up: The only way to keep your website 100% safe is to not have one.  While the tips above will keep you safe 99.9% of the time, if you’re online there’s always a chance of something going wrong.  In the event of that happening, make sure you have a good backup copy of your site.

While this attack isn’t of direct concern to most of us, it is causing some secondary headaches.  Because web hosting companies are under such attack right now, a lot of sites are loading slower as a result of the increased load.  Things seem to be getting under control, but be patient with your host as they work through these issues.

Do you have any other tips to help slow down these attacks?

About the Author

Mickey Mellen

Co-Founder and Technical Director

View Mickey's Profile

More from Our Blog

Switching Your Website Data From Google Analytics 4 to Fathom

There are many options when considering which platform to track your website’s analytics. Google Analytics is an option most of our clients use and many…

Read More
macbook pro on brown table

Common Marketing Problem: Unclear and Inconsistent Value to our Audience

Tell us if this sounds familiar: you know what your business does, but you have difficulty explaining it to people. Friends at parties ask you…

Read More
photo of woman showing frustrations on her face

6 Advanced LinkedIn Features to Take Your Account To the Next Level

LinkedIn is a powerful social networking platform for business leaders because it is specifically for professionals. It should often be the first social account to…

Read More
smartphone with linkedin app