Brute Force Attacks? Get “Better WP Security” for WordPress Security

Over the past several days, I’ve seen a great many news articles about a bot-based brute force attack on WordPress (and Joomla) websites, in which the bot attempts to log in with the username “admin” using common password choices. Mind you, we are talking about hundreds, perhaps thousands, of these common passwords, coming from tens of thousands of compromised servers. The aim is to gain access to the server and then use the administrator site to add other files and code changes which further compromise the website completely. You really need some WordPress security.

Having already written about other hacking effort increases of late, I am bothered that yet again these content management systems are being hit with what amounts to the use of wasted talent; hackers show intelligence and problem-solving skills, so why not put them to use in a way that doesn’t harm others? Thankfully, the open source community is quick to respond and build the tools needed to protect websites from such harmful efforts.

Better WP Security from Bit51.com is an excellent add-on for your WordPress website. It was written long before this current wave of brute force attacks, and is something I would recommend all WordPress websites use from day one. It relies on both .htaccess changes for blocking known bots and other file changes that remove vulnerabilities, both outright and through obfuscation.

Here is a list of some of the things this tool does:

  • Enforces stricter passwords for users at any level you determine.
  • Removes the backend file editor.
  • Scans the site for recently changed files and emails a report to you if there are such intrusions.
  • Blocks repeated login attempts.
  • Blocks SQL injection attempts.
  • Makes backups of your database and mails them to you at regular intervals.
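
The attack described above comes from tens of thousands of hosts aimed at one username, so blocking repeated login attempts per IP address is only part of the picture. The following added example (not part of the original post and not the plugin's code) counts failed logins both per source IP and per targeted username; the event format, thresholds and function names are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed failed-login events: (unix_time, source_ip, username).
# Assumed to be emitted by the application, e.g. from WordPress's
# wp_login_failed action; a plain web access log does not carry the username.
# 192.0.2.0/24 and 198.51.100.0/24 are documentation address ranges.
def sample_events():
    noisy = [(1000 + i, "192.0.2.10", "editor") for i in range(6)]
    # 40 different hosts, one guess each, all against "admin"
    spread = [(2000 + i, f"198.51.100.{i + 1}", "admin") for i in range(40)]
    return noisy + spread

def detect(events, window=300, ip_limit=5, user_ip_limit=20):
    """Return (ips_to_block, usernames_under_distributed_attack).

    ip_limit:      failures from one IP within `window` seconds
    user_ip_limit: distinct IPs failing on one username within `window`
    (both thresholds are illustrative assumptions)
    """
    per_ip = defaultdict(deque)    # ip -> timestamps of recent failures
    per_user = defaultdict(deque)  # username -> (timestamp, ip) of recent failures
    block_ips, targeted = set(), set()
    for ts, ip, user in sorted(events):
        q = per_ip[ip]
        q.append(ts)
        while q[0] <= ts - window:          # drop failures older than the window
            q.popleft()
        if len(q) >= ip_limit:
            block_ips.add(ip)

        u = per_user[user]
        u.append((ts, ip))
        while u[0][0] <= ts - window:
            u.popleft()
        if len({src for _, src in u}) >= user_ip_limit:
            targeted.add(user)
    return block_ips, targeted

if __name__ == "__main__":
    ips, users = detect(sample_events())
    print("block these IPs:", sorted(ips))
    print("accounts under distributed attack:", sorted(users))
```

In the constructed sample, the single noisy host trips the per-IP limit, while the 40 hosts guessing once each never do; only the per-username count shows that “admin” is being targeted.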

This is open source work at its finest. It is free to use, but the developer does provide a means of paying him for his work — which I’d highly recommend doing, as this tool is really quite well constructed and extremely valuable.

 

2 thoughts on “Brute Force Attacks? Get “Better WP Security” for WordPress Security

  • August 10, 2015 at 9:10 AM

    Well, recently brute force attacks have immensely increased, becoming a dangerous factor for all WordPress users, but it is a thing which is fightable; I mean, by using security methods, we can move brute force attacks out of the window. Although it can be difficult for newbies who just got started with WordPress, he/she can learn by reading posts online and then can implement security.
    In my view, implementing only three tricks works very well: changing the login slug, a content delivery network (CDN) and a security plugin which bans an IP address after a few login attempts.

    • August 10, 2015 at 9:23 AM

      Agreed. This plugin addresses brute force attacks quite nicely.

