Since April 11th there has been an increase in brute force attacks against websites that use WordPress as their platform.
A brute force attack is what hackers use when it is not possible to take advantage of other weaknesses in an encryption system (if any exist) that would make the task easier. It consists of using prewritten programs to systematically check all possible password keys until the correct key is found.
If you own a WordPress website, this is nothing to panic about, but you have to make sure that you or your webmaster take the following steps:
- Make sure that your administrative password (or passwords, if you have several administrative accounts) is not easy to crack. Length and A good policy is to use at least one capital letter, one number and one punctuation mark in every password. For example, if a brute force program can test one hundred billion combinations a second, a password like “more4less” would take 17.4 minutes to crack, whereas a password like “!morE4leSS” would take 19 years to crack. If you need help creating your password, use https://secure.pctools.com/guides/password/ and set it to a minimum of 10 characters.
- Update (or have your webmaster update) WordPress to the latest version. Earlier versions of WordPress had some vulnerable areas that could be hacked; these were fixed in the latest version. Even if there weren't a security issue, it is good practice to keep WordPress updated, since Google does check for outdated installations.
- Install a plugin that limits the number of login attempts. There are a few available; these are programs that block users from accessing the website for a period of time if they fail more than a set number of attempts in a row. I personally use “Limit Login Attempts”, which can be found here: http://wordpress.org/extend/plugins/limit-login-attempts/
I hope this information helps you keep your website secure.
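
The crack times quoted in the password step can be reproduced with a short calculation. This is an added example, not part of the original post; it assumes an exhaustive search over every password up to the given length, with the alphabet sized by the character classes present (26 lowercase, 26 uppercase, 10 digits, 33 symbols), and all function names are illustrative.

```python
import string

# Character classes and their sizes. Assumption: 33 printable ASCII symbols
# (the 32 punctuation characters plus the space).
CLASSES = [
    (set(string.ascii_lowercase), 26),
    (set(string.ascii_uppercase), 26),
    (set(string.digits), 10),
]
SYMBOLS = 33

GUESSES_PER_SECOND = 100_000_000_000  # "one hundred billion" from the article
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def alphabet_size(password):
    """Size of the smallest class-based alphabet covering every character."""
    remaining = set(password)
    size = 0
    for members, count in CLASSES:
        if remaining & members:
            size += count
            remaining -= members
    if remaining:  # anything left over is counted as a symbol
        size += SYMBOLS
    return size


def search_space(password):
    """Candidates of length 1..len(password) an exhaustive search must cover."""
    n = alphabet_size(password)
    return sum(n ** k for k in range(1, len(password) + 1))


def worst_case_seconds(password, rate=GUESSES_PER_SECOND):
    """Time to try every candidate at the given guessing rate."""
    return search_space(password) / rate


def describe(password):
    secs = worst_case_seconds(password)
    return (f"{password!r}: alphabet={alphabet_size(password)}, "
            f"candidates={search_space(password):.3e}, "
            f"{secs / 60:.1f} minutes = {secs / SECONDS_PER_YEAR:.2f} years")


if __name__ == "__main__":
    for pw in ("more4less", "!morE4leSS"):
        print(describe(pw))
```

These figures are the worst case for a blind exhaustive search; a guesser working from word lists will try word-based passwords first, so the calculation overstates the strength of anything built from common words.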