Step one: lock your WordPress blog down against 99% of the malicious attacks out there in one fell swoop. It’s simple. It’s free. And you can set this sucker up in just a few minutes.
The most common form of attack out there is the brute force attack. Little college kids with nothing better to do write programs that will pound your login page with login attempts until they find one that works. After they’re logged in…well, you know what happens then. So let’s take a couple steps to help ensure that doesn’t happen.
When attempting to hack an account, you of course need to nail down both user name AND password. So first of all, use a solid password for god’s sake. Guys, I work on your websites every day so I KNOW what kind of passwords you’re using, and it’s pretty rare for me to see a good one 🙂
- Alphanumeric – have your password contain both letters and numbers.
- Combine upper and lower case – use at least one upper case letter in your password.
- Use symbols – if you really want to screw with anyone trying to crack your password, throw in a symbol or two. You know… *$%()#. That kind of stuff.
- Change it periodically, and OMG…don’t use the exact same password for all your accounts.
- If you’re installing a new version of WordPress, choose an admin name other than “admin”. Nearly all WordPress logins have the user name “admin”, so selecting a different user name from the beginning is definitely a smart choice.