Over the last several months, some former Eastern Bloc hackers have been systematically trying to breach our WordPress security. That’s nothing new, but it’s the sheer volume of the attempts that really got our attention (11,000+ tries over one weekend). Since WordPress is open source, perhaps it’s a bit like waving a red flag in front of a bull.
As my clients know, I’m a stickler for security. Maybe even a bit paranoid. Recently WordPress announced greater security with Two Step Authentication for those who use WordPress.com to host their blog or website. Here’s how it works:
They’ve Got Your Number
When logging into WordPress, you’ll be prompted to enter a secret number. In order to receive that secret number, you first must download the Google Authenticator app on your smartphone. The app supports Android, iPhone and BlackBerry. It generates a new number every 30 seconds, so it’s virtually impossible to guess. No smartphone? Instead it will send you the number via SMS.
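How a 30-second code of this kind is derived and checked, as an added example that is not WordPress.com's code: it assumes the app follows the standard TOTP algorithm (RFC 6238, HMAC-SHA1, 6 digits). The `verify` helper, its one-step clock-drift window and its replay check are illustrative assumptions about a sensible server side, and the secret is the RFC's published test key, not a real one.

```python
import hashlib
import hmac
import struct

STEP = 30     # seconds each code is valid for, as described above
DIGITS = 6    # length of the number shown by the app

# Published RFC 6238 test secret (sample value, never use for a real account).
RFC_TEST_SECRET = b"12345678901234567890"


def totp(secret: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """Return the time-based one-time code for the given moment."""
    # Phone and server both turn the clock into a counter of 30-second steps.
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    # Dynamic truncation (RFC 4226): the low nibble of the last byte picks 4 bytes.
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, unix_time: int,
           last_used_step: int = -1, drift: int = 1):
    """Return the matching time step, or None if the code must be rejected.

    Hypothetical server-side check: tolerates +/- `drift` steps of clock skew
    and refuses any step at or before `last_used_step`, so a code observed
    by someone else cannot be replayed inside its own 30-second window.
    """
    current = unix_time // STEP
    matched = None
    for step_no in range(max(0, current - drift), current + drift + 1):
        expected = totp(secret, step_no * STEP)
        # Constant-time comparison avoids leaking how many digits were right.
        same = hmac.compare_digest(expected.encode(), submitted.encode())
        if same and step_no > last_used_step:
            matched = step_no
    return matched


if __name__ == "__main__":
    code = totp(RFC_TEST_SECRET, 59)
    print(code, verify(RFC_TEST_SECRET, code, 75))
```

The caller stores the returned step as `last_used_step` for that account after a successful login.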
WordPress Security Backup Codes
Once you’ve enabled the Two Step Authentication on your account, they also recommend printing some backup codes just in case. Obviously you’d keep these codes in a very safe place in case your phone is lost or stolen. You can print these codes from WordPress.com’s security tab.
Not For Self-Directed WordPress Installations
If you have configured your WordPress website via WordPress.org, then you’ve got other avenues to keep your site secure. Besides implementing some non-standard configurations when installing WordPress, there are several WordPress security plugins I highly recommend. If you have users that use less-than-secure passwords like “letmein,” then we suggest implementing a plugin like Force Strong Passwords. What’s an insecure password? Check out this lame-brain list of Top 25 Worst Passwords of 2012.
How can we help?
Struggling to keep your WordPress installation up to date? Need help in implementing website security best practices?
We are the spectrum group online, and we offer strategic and tactical consulting so you can monetize your online presence. Call us for a complimentary 30-minute consultation to discuss your website’s user experience and translate that into sales.