Protecting your WordPress site against hackers


Think no one is trying to hack into your WordPress site? Think again. When I completed the redesign of this site around May 1st, I installed a plugin called “Limit Login Attempts”. From the plugin page:

“By default WordPress allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease.

Limit Login Attempts blocks an Internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible.”

I set the options to lock out the IP address of the user attempting to log in after 4 failed attempts. In 9 weeks this plugin has locked out 2,992 attempted logins. That’s almost 48 per day. I’m guessing, since my site gets a relatively small amount of traffic compared to a lot of sites, that this is well below the average for hacking attempts.
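To make the mechanism concrete, here is a small simulation of per-IP login limiting with the 4-attempt setting described above. It is an added example, not the plugin's own code; the lockout duration, the retry window, the class and function names, and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict

MAX_RETRIES = 4            # the post's setting: lock out after 4 failed attempts
LOCKOUT_SECONDS = 20 * 60  # assumed; the post gives no lockout duration
RETRY_WINDOW = 12 * 3600   # assumed; older failures stop counting

class LoginLimiter:
    def __init__(self):
        self.failures = defaultdict(list)  # ip -> timestamps of recent failures
        self.locked_until = {}             # ip -> time the lockout expires
        self.lockouts = 0

    def attempt(self, ip, ts, password_ok):
        # A locked-out address is refused before the password is looked at,
        # so even a correct guess made during the lockout does not succeed.
        if self.locked_until.get(ip, 0) > ts:
            return "blocked"
        if password_ok:
            self.failures.pop(ip, None)    # success clears the failure history
            return "ok"
        recent = [t for t in self.failures[ip] if ts - t < RETRY_WINDOW]
        recent.append(ts)
        self.failures[ip] = recent
        if len(recent) >= MAX_RETRIES:
            self.locked_until[ip] = ts + LOCKOUT_SECONDS
            self.failures[ip] = []
            self.lockouts += 1
            return "locked"
        return "failed"

# Constructed login events: (timestamp in seconds, source IP, password correct?)
EVENTS = [
    (0, "203.0.113.7", False), (10, "203.0.113.7", False),
    (20, "203.0.113.7", False), (30, "203.0.113.7", False),
    (40, "203.0.113.7", True),        # right password, but inside the lockout
    (50, "198.51.100.20", False),     # a different address has its own counter
    (60, "198.51.100.20", True),
    (30 + LOCKOUT_SECONDS, "203.0.113.7", False),  # lockout has expired
]

def replay(events):
    limiter = LoginLimiter()
    results = [limiter.attempt(ip, ts, ok) for ts, ip, ok in events]
    return results, limiter.lockouts

if __name__ == "__main__":
    results, lockouts = replay(EVENTS)
    for (ts, ip, _), outcome in zip(EVENTS, results):
        print(f"t={ts:>5}s  {ip:<15} {outcome}")
    print("lockouts:", lockouts)
```

Because the counter is kept per IP address, each address gets its own allowance of retries, so a strong password still matters alongside the lockout.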

The bottom line is, if my little site is getting attacked this frequently, it’s safe to say any WordPress installation is getting attacked regularly. If you do not take measures to prevent it, it’s only a matter of time before your site gets hacked.

My next post will discuss some measures you can take to protect your WordPress site from being hacked.

  1. Hi Jack –

    I use a WordPress plugin called Wordfence that will keep track of break-in attempts and will notify you of any funny business. It also looks for malware and injections.

    This has definitely been useful for my business.

    Cheers and here’s to a great 2016!
