Brute force attacks on WordPress are on the rise. What can you do?
You can run but you can’t hide… Or can you? I will show you a simple way that you can hide from ordinary hackers to make it more difficult for them to get into your site.
So what is a Brute Force Attack? In cryptography, a brute-force attack consists of an attacker trying many passwords or passphrases with the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found. Alternatively, the attacker can attempt to guess the key which is typically created from the password using a key derivation function. This is known as an exhaustive key search.
These attacks are on the rise. Over 15% of the attacks are coming from an IP address in Ukraine. 2.3 million attacks are being launched each day.
What do I do?
The best plugin that you can use is Wordfence (https://www.wordfence.com/). Wordfence will automatically block IP addresses from accessing your website. You can also manually block traffic that looks suspicious. Wordfence will also scan your server and identify WordPress files that have been modified or corrupted.
Another simple plugin that you can use is called WPS Hide Login. This plugin changes your login URL, which is most commonly wp-admin, to whatever URL you want. This is a great way to hide your login. Most hackers are somewhat impatient, so when they see that you’ve moved your login they’re going to move on to easier targets.
What do I do if I am Hacked?
You can try to remove the files yourself; however, these hacks can be very complex, and using a pro can save you a lot of time. If you are using your site to make money and your site is down or hacked, it is going to cost you money because you will not be able to run ads on Google, etc. Once you get that love letter from Google saying that your site has been hacked, you can no longer run advertising through Google. In fact, most browsers are going to block traffic to your website automatically if there are malicious files on your server. So getting hacked costs you a lot of money.
The interesting thing is that most of these hackers are not trying to get valuable information. They are just trying to be disruptive, and being hacked is very disruptive. Just ask someone who’s had their website hacked how disruptive it can be.
Recover your backup
Oh crap! I did not make a backup of my website. Welcome to the club! If you’re like most people, you do not back up your website. Neglecting this step puts you in the category of having to pay someone like me a ton of money to recover your site if you get hacked. If you did not back up your site, it’s best that you go to Themeforest.com and start looking for a new website template.
In a lot of cases I will encourage my clients to have two servers running their website. One server is a production server; the other is a test server. The test server is not being indexed by Google, nor is it receiving a lot of traffic, but the site is live and is an identical copy of the production website. In the case of the production server going down, I would redirect the production server URL to go to the test server and then index the test server with Google until the production site is up and running. This will ensure the maximum amount of uptime.
Do this now.
If you’re reading this and you realize that your site is currently vulnerable, the best thing to do is start today to implement this recovery strategy. When is the best time to plant a tree? 20 years ago. When is the next best time to plant a tree? Today. If you factor in the cost to bring up your site if it goes down, preparing for the inevitable is a much better alternative. Give me a call today 619-569-8051.