DT Business Strategies

Maximize your ROI with a Small Business Marketing Strategy that Works.

Darth Vader-Proofing Your Blog with Login Lockdown (Blog Security Series)

By Christian

Yep. Your blog security sucks. This series of posts will fix it.

Step one: lock your WordPress blog down against 99% of the malicious attacks out there in one fell swoop. It’s simple. It’s free. And you can set this sucker up in just a few minutes.

The most common form of attack out there is the brute force attack. Little college kids with nothing better to do write programs that will pound your login page with login attempts until they find one that works. After they’re logged in…well, you know what happens then. So let’s take a couple steps to help ensure that doesn’t happen.

When attempting to hack an account, you of course need to nail down both user name AND password. So first of all, use a solid password for god’s sake. Guys, I work on your websites every day so I KNOW what kind of passwords you’re using, and it’s pretty rare for me to see a good one 🙂

Password rules:

  1. Alphanumeric – have your password contain both letters and numbers.
  2. Combine upper and lower case – use at least one upper case letter in your password.
  3. Use symbols – if you really want to screw with anyone trying to crack your password, throw in a symbol or two. You know… *$%()#. That kind of stuff.
  4. Change it periodically, and OMG…don’t use the exact same password for all your accounts.
  5. If you’re installing a new version of WordPress, choose an admin name other than “admin”. Nearly all WordPress logins have the user name “admin”, so selecting a different user name from the beginning is definitely a smart choice.
Now that you have a solid password and aren’t begging to get hacked, let’s lock your login form down. Any brute force attack that comes along will get shut down before it even begins. And remember from the last post, it’s not a question whether or not your site will get hit with one of these attacks. It’s just a matter of when.
Installing Login Lockdown is a smart move. If I’ve built a site for you, you already have it. If a malicious attack hits the login page of your blog, they get three attempts to crack your password. Otherwise, they get locked out and it’s flat out impossible to login. Or you can change this setting to whatever number you like. Installing it is a piece of cake. Observe…
[jwplayer config=”YouTube” mediaid=”2555″]
Questions? Hit me up!