Many of the main sources that talk about WordPress confirm that most brute force that occur are mounted target sites on WordPress and Joomla CMS. Hosting companies such as Hostgator, Siteground and LiquidWeb including these events continuously inform their customers. Hackers botnet containing over 90,000 different IP addresses, and take advantage of the most common mistakes that some WordPress beginners often make. Yes, the truth is that this can be a serious problem, so let’s show that we need to do to lessen the chances of being hacked.
1. Stop using the user name is the default “admin”.
It is very common for novice users to use common user names or come by default as admin, administrator, try … .Recently major hosting companies warn us that usernames are still the focus right now.If you have a generic user name (eg admin) in a WordPress site, then we should change it now.
2. Use a strong password.
This is something we can not pass, and is using a pretty strong password. These brute force attempt to guide all common passwords that users use on their sites. A strong password contains uppercase and lowercase letters, numbers and symbols.Do not use the same password on more than one location. It is never too late to start using a password management solution as 1Password and LastPass.
3. Make regular backups of files and database.
The best security we can have for our website is to have a backup on a regular basis. We can make our backups manually hosting our manager, there are plugins as discussed below can do this job automatically.
It is important to periodically such copies since hosting companies generally tend to not do them.
4. Use two-factor authentication.
Start using two-factor authentication. Thus, even if someone guesses your password, you can not access your site because they have the security key. We recommend doing so as soon as possible where the plugin Google Authenticator can help.
5. Protect with a password the WP-Admin and limited connection attempts.
It is always advisable to limit login attempts users, but this alone can not protect us from all attacks, since a botnet contains 90,000 IPs. Another thing you can do is to password protect the wp-admin directory, where it is advisable to limit the wp-login.php file to a specific IP address.
6. Start using the plugin WordPress Security.
Most of the attacks are suffering for reasons WordPress vulnerabilities caused by plugins, weak passwords and outdated software. One of the most popular WP plugins is Security where among many functions hidden sites that are more prone to these attacks, keeping the most sensitive places such as logging, administration, etc., out of danger.
If we ignore these precautions it is easier than it sounds leave our site exposed to injections of malicious code and attacks of any kind, and this is something we can avoid using the above tips.