HostGator, a major web hosting company, posted a story today about a global hack attack on WordPress websites. The attack tries to gain access to a site's WordPress admin area through brute-force login attempts.
If you have a WordPress website, there are several things you can do to fight off this attack:
- Make a backup of all of your WordPress website files and database and download it.
- Change all WordPress Admin login passwords and use strong password construction; for example, more than 8 characters, upper and lowercase letters, numbers, and special characters. If you can remember your password, then it’s probably not strong enough.
- Use .htaccess to password protect /wp-admin/wp-login.php
  Instructions for how to password protect wp-login.php
- Install a WordPress security plugin. There are dozens; Better WP Security and BulletProof Security are very powerful and very popular.
- Read the Hardening WordPress article: http://codex.wordpress.org/Hardening_WordPress
- Update WordPress and plugins to the latest versions.
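
The .htaccess step in the list above, written out as an added example that is not from the original post or from HostGator. It assumes Apache 2.4, that this .htaccess file sits in the same directory as wp-login.php, and that `/home/example/.htpasswd-wp` and `loginuser` are placeholders for your own password file path and user name.

```apache
# .htaccess in the directory that contains wp-login.php (Apache 2.4 syntax).
# Puts an HTTP Basic Auth prompt in front of the WordPress login form, so
# automated password guessing must get past a second credential before it
# reaches WordPress at all.

# Create the password file once, outside the web root, for example:
#   htpasswd -c /home/example/.htpasswd-wp loginuser
# (placeholder path and user name; -c creates the file, so omit it when
#  adding further users to an existing file)

# Serve Apache's built-in 401 page. On some setups the 401 is otherwise
# handed to WordPress's rewrite rules and the visitor gets a 404 or a
# redirect instead of the password prompt.
ErrorDocument 401 default

<Files "wp-login.php">
    AuthType Basic
    AuthName "Restricted login"
    # Placeholder path: keep this file where the web server will not serve it
    AuthUserFile /home/example/.htpasswd-wp
    Require valid-user
</Files>
```

Basic Auth credentials are only base64-encoded on the wire, so use this over HTTPS, and pick a password different from the WordPress admin password.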