Just recently, there has been mass amounts of wordpress site owners reporting that their sites were under attack by hackers all over the world.
Some of my wordpress sites were being attacked as well. This is an alert I got from my Wordfence security plugin sent directly to my email every time one of my sites gets attacked or when it’s in danger of some sort.
The Wordfence alert email reads something like this when a hacker tries to do a brute force admin login attempt:
This alert was generated by Wordfence on “MYSITE” at Friday 25th of January 2014 at 12:23:18 PM
A user with IP address 18.104.22.168 has been locked out from the signing in or using the password recovery form for the following reason: Used an invalid username ‘admin’ to try to sign in.
User IP: 22.214.171.124
User hostname: Somewhere in China
If I wasn’t using any kind of security for my wordpress sites, I would’ve never even realized of this hacking attempt.
Now that I know the IP address of this hacker, I would go to my Wordfence setting and setup a block ip address.
I would also recommend to do the following for your wordfence settings:
- Make sure to add an email to receive threat alerts
- Lock out after how many login failures: Use a low number like 5
- Lock out after how many forgot password attempts: Use a low number like 5
- Amount of time a user is locked out: About 1 hour.
Wordfence does a LOT of things to protect your sites, such as scanning for malware, real-time blocking of attacks, and much much more!
“Wordfence Security is a free enterprise class security plugin that includes a firewall, anti-virus scanning, cellphone sign-in (two factor authentication), malicious URL scanning and live traffic including crawlers. Wordfence is the only WordPress security plugin that can verify and repair your core, theme and plugin files, even if you don’t have backups.”
Using Wordfence won’t make your site invincible to being hacked. After all, even big multi-billion dollar corporations get hacked like Target and Sony.
But using Wordfence will GREATLY improve your wordpress site’s security.
How to install and use Wordfence on your WordPress sites?
Wordfence is a free plugin that you can just install, activate, add your email (to receive alerts) and that’s all!
Has Wordfence protected your site from an attack in the past? Leave a comment.