WordPress Security…


With all the recent press about global brute force attacks on WordPress I decided to install the Better WP Security plugin last Sunday.

It includes loads of security features, including the big ones mentioned in the recent attacks:

  • Changing the name of the “admin” user.
  • Changing the ID of your renamed admin user.
  • Changing the table prefix.
  • Max login attempts lockdown.

Of the 5 blogs I manage, 4 worked straight off with this plugin. Unfortunately, one required a few attempts, so remember to take filesystem and database backups before you start or you may not end up in a happy place.

Over the week since activating the plugin I’ve been quite interested/scared by the results. I’ve been getting several emails a day telling me of user lockdowns due to attempted brute force attacks originating from USA, Russia and the Netherlands.

If you have a self-hosted WordPress installation, you really need to take some basic steps stop yourself becoming a victim. There are a number of security plugins available, which I’m sure work equally well, but I only have experience of this one.

Good luck.



Author: Tim...

DBA, Developer, Author, Trainer.

3 thoughts on “WordPress Security…”

  1. Hello, as you said that you had installed The plugin, but what i read on other places that plugins are also one of the cause of hack and 22% hacks are viw Plugins loopholes. am confused and not using any plugins any more, as already this year in April i was the victim of the attack.

  2. Certainly, adding a bunch of random pluggins is a good way to open security holes, but things like the “Better WP Security” plugging help to identify and block holes, so I don’t see them as a risky proposition.



Comments are closed.