Have a website? Read On . . . .
First let me tell you, this is not something to turn your head the other way about - Brute Force attacks happen to us little guys. Do not think in any way that it can't happen to you - let's talk some facts here ok? But first - What the heck is a Brute Force Attack?
"A ‘Brute Force’ login attack is a type of attack against a website to gain access to the site by guessing the username and password, over and over again. Other kinds of hacks rely on website vulnerabilities whereas a brute force attack is a simple hit and miss method and can be tried on any site."
WordPress websites are a target - so are Joomla sites and any sites that have a login username and password to gain access to the dashboard or control board to add, edit and manipulate your website.
Do you realize that just because you have a beautiful website up and running that you will need to do some upkeep? What do I mean by upkeep?
- Whatever software source you are using to create your website, there are updates to that source - so yes, you need to update whatever software that comes out with a new version
- With WordPress, you not only have the Source Code that needs updating, but you also need to update any plugins (extra small apps) and themes (the picture that your site has taken on)
- You need to be aware of security issues - if you are accepting payments on your website you need to invest in an SSL Certificate - (secure socket layer) this adds additional encryption to the transaction itself.
- You also need to be aware of capturing email addresses - (this is another vulnerable area)
Let me explain to you what I have done to help secure the websites that I manage ok? When things just blew up and some sites went down, it was a total nightmare figuring out what the heck was going on. With the help of A2Hosting Technical Support and many many phone calls and emails back and forth, we finally got things under control - not only were they scanning the server and quarantining the infected malware files, but they were also helping me resolve the issues one website at a time.
Here goes - Please note - there are many great security plugins - these are the ones that I am using. Before I tell you about them, here is a HUGE TIP! Change your Username and your Passwords for each login! But only do it when you know the site is clean.
- I started with "All In One WP Security" - They say it is easy to install, this is true, but it has many many features that you need to activate - once installed and activated - go thru the list and read each item - I did not activate any "ADVANCE" features.
- Block Bad Queries - is a simple, super-fast plugin that protects your site against malicious URL requests. BBQ checks all incoming traffic and quietly blocks bad requests containing nasty stuff like
base64_, and excessively long request-strings
- Login NoCaptcha Recaptcha - Adds a Google No Captcha ReCaptcha checkbox to your WordPress login screen. Denies access to automated scripts while making it easy on humans to log in by checking a box. As Google says, it is "Tough on bots, easy on humans."
- Anti-Malware Security and Brute Force Firewall - This Anti-Malware scanner searches for Malware, Viruses, and other security threats and vulnerabilities on your server and it helps you fix them. This also does an internal and an external website scan.
Yes, I have gone in heavy - I am setting up the malware scanning to run daily - but I check each website and their updates every other day - while this is a great start - and gives myself and my clients a bit of "peace of mind" it isn't fool proof.
Nothing is! But you need to take the proper steps to update, scan and install those security features. One last note - limit the amount of login attempts - and you can lock out IP's that pass that limit - you can set a time frame for the lockout - and you will get a list of the IP's that have been locked out. You can also go one step further and block those IP's. You can do this in the "All In One WP Security" program.
I sincerely hope this helps you. I have spent hours working on websites to secure them and to keep them updated. Getting the sites back to their original look was a chore. Yes, I have backups, but you don't want to bring in a backup if the original isn't cleaned up. Brute Force Attacks are horrendous, but they can be prevented.