Late last month the Internet faced one of the biggest DDoS attacks in history. Less than a month later, the BBC reported that WordPress websites were being targeted by hackers. Chills ran down the spines of many website owners who run their sites on the WordPress CMS after reading the news. The report described attacks by a botnet of “tens of thousands” of individual computers, lasting almost a week, against sites whose WordPress username was “admin”.
It is roughly estimated that nearly 17% of all websites on the World Wide Web are powered by WordPress today. This offers a large playground for people with malicious intentions to launch activities such as DDoS attacks.
“Prevention is Better Than Cure”
So how can you protect your WordPress-enabled website from hackers trying to crack your WordPress credentials? And how can you stop attackers from using your website to launch a DDoS attack against a network or another website?
Well, there are a number of ways to tighten the security of your WordPress installation. Let’s take a look at them one by one.
Use a plugin such as ‘Limit Login Attempts’ to limit the number of login attempts on your website. This plugin lets you set a maximum number of failed login attempts for a particular IP address and informs you about every failed attempt, so you become aware of an attack much earlier, before any damage is done.
Another way to restrict unauthorized access is to limit login access altogether. You can do this by whitelisting certain known IP addresses and blocking all others.
Here are the steps you must follow:
Step 1: Go to the root of the WordPress installation on the server. Look for a folder named wp-content.
Step 2: Edit the .htaccess file by adding the following:
<Files wp-login.php>
Order Deny,Allow
Deny from all
# whitelist: replace each address below with one of your own
Allow from xxx.xxx.xxx.xxx
Allow from xxx.xxx.xxx.xxx
Allow from xxx.xxx.xxx.xxx
</Files>
Note: Replace xxx.xxx.xxx.xxx with your own IP addresses; you can add as many Allow lines as you need. The <Directory> and AllowOverride directives are not permitted inside an .htaccess file (Apache refuses to serve the site if they are present there), so the block above uses only <Files>, which .htaccess does allow. With Order Deny,Allow, the Allow lines are evaluated after Deny from all, so the listed addresses get through and everyone else is refused. On Apache 2.4 these Order/Allow/Deny directives require the mod_access_compat module; the native 2.4 equivalent is Require ip.
With this small modification, only the IP addresses you have authorized will be able to access the wp-admin page, i.e. the login page of your website.
If you need any help in this regard, please contact our technical support department; we would be glad to help tighten the security of your WordPress-based website.
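As an added example (not part of the original post), here is a Python script that applies both ideas above, the attempt limit and the IP whitelist, to Apache access logs after the fact: it counts POSTs to wp-login.php per client IP inside a sliding time window, skips whitelisted networks, and reports the clients that exceed the limit. The combined log format, the thresholds, the sample log lines and the 192.0.2.0/24 whitelist are assumptions constructed for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Apache "combined" access log line; only the fields we need are captured.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def find_login_bruteforce(log_lines, whitelist, max_attempts=5, window=timedelta(minutes=10)):
    """Map each client IP to its total POSTs to wp-login.php if it made more than
    max_attempts of them inside any `window`; IPs inside `whitelist` are ignored."""
    allowed = [ip_network(net) for net in whitelist]
    attempts = defaultdict(list)
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparsable line, or not a login form submission
        if not m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            continue  # some other URL (query string is dropped first)
        if any(ip_address(m["ip"]) in net for net in allowed):
            continue  # trusted address, like an Allow line in .htaccess
        attempts[m["ip"]].append(datetime.strptime(m["ts"], TS_FMT))
    offenders = {}
    for ip, times in attempts.items():
        times.sort()
        start = 0
        for end in range(len(times)):  # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 > max_attempts:
                offenders[ip] = len(times)
                break
    return offenders

def _line(ip, method, path, secs):
    """Build one constructed combined-format log line at 10:00:00 plus `secs`."""
    ts = f"10/Apr/2013:10:{secs // 60:02d}:{secs % 60:02d} +0000"
    return f'{ip} - - [{ts}] "{method} {path} HTTP/1.1" 200 1234 "-" "Mozilla/5.0"'

# Constructed sample log: a bot hammering the form, a user with two tries, a whitelisted admin, a GET, junk.
SAMPLE_LOG = (
    [_line("203.0.113.9", "POST", "/wp-login.php", 30 * i) for i in range(8)]
    + [_line("198.51.100.7", "POST", "/wp-login.php", s) for s in (0, 90)]
    + [_line("192.0.2.5", "POST", "/wp-login.php?redirect_to=/wp-admin/", 10 * i) for i in range(7)]
    + [_line("203.0.113.9", "GET", "/wp-login.php", 5), "not a log line at all"]
)

def scan_sample():
    # 192.0.2.0/24 plays the role of the office range you would whitelist in .htaccess
    return find_login_bruteforce(SAMPLE_LOG, ["192.0.2.0/24"])
```

Feed real lines from your access log into find_login_bruteforce in place of SAMPLE_LOG; any IP it returns is a candidate for blocking, while a whitelisted address that shows up with an empty whitelist tells you a trusted machine may itself be compromised.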
Other Tips:
Use a complicated username that isn’t easy to guess.
Use a complicated password: a mix of upper- and lower-case letters, special characters and numbers. The longer it is, the harder it is to crack.