
Spectrum Group Online


Protecting WordPress from Attack

April 16, 2013 // by Massimo Paolini // 8 Comments

Updated December 28, 2022


Protecting WordPress against the recent (and massive) brute force attack has been a popular subject on online newswires lately. While security attacks on open source platforms (like WordPress) are nothing new, this latest barrage has become truly sensational. Let me clear up what’s really happening and, more importantly, what you can do to protect your WordPress website.


WordPress Security & Recent Brute Force Attacks

High-profile web hosting firms are bearing the brunt of the attack. If your site is hosted by HostGator, LiquidWeb or GoDaddy, you’ve probably received an email reassuring you and providing advice on how to prevent a breach. Even if hackers haven’t infiltrated your site, the attack has probably affected your hosting service. The onslaught has been overloading servers, affecting administrative access and site uptime.

While your hosting provider is doing what it can behind the scenes, the best offense is a great defense. And your best defensive move is to implement robust and complex passwords that aren’t easily guessed. It’s also recommended to have unique passwords for each system. That way you are spreading out the access risk. For example, have a password for your banking site that’s different from your Groupon or Facebook login. Protecting yourself takes a little common sense and ongoing diligence.

Protecting WordPress: Practices to Implement

Are there other measures you can put into place to protect your WordPress website? Yup. Here are our top 6:

1. Don’t Use Admin As a User Name

Having “admin” as a user name is a rookie mistake. Change it immediately. If you use WordPress.com to host your site, follow Matt Mullenweg’s advice and implement two-factor authentication.

2. Implement Strong Passwords

If you are your website’s Webmaster, we recommend installing Force Strong Passwords. This is a five-star rated plugin; it will guide your users to build robust passwords for WordPress administration access. A good password has the following elements:

  1. A minimum of 8 characters
  2. A combination of upper and lower case letters (min: 2 upper case)
  3. At least two numbers (0-9)
  4. At least one special character
  5. The password must not be a word you can find in the dictionary (there is such a thing as a dictionary attack)
  6. If you can remember your password, it’s not a good one
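
As an added example (not code from the original post or from the Force Strong Passwords plugin), the checker below applies rules 1 to 5 from the list and shows why rule 5 needs more than an exact-match lookup: a dictionary word padded with capitals, digits and a symbol satisfies rules 1 to 4. The wordlist, substitution table and function names are assumptions made for the illustration.

```python
import string

# Constructed sample wordlist; a real deployment would load a full dictionary file.
WORDLIST = {"password", "welcome", "dragon", "monkey", "letmein", "wordpress"}

# Undo common character substitutions before the dictionary lookup.
DELEET = str.maketrans("013457@$!", "oieastasi")


def contains_dictionary_word(password: str) -> bool:
    """True if a listed word survives inside the password after normalisation."""
    normalised = password.lower().translate(DELEET)
    return any(word in normalised for word in WORDLIST)


def policy_violations(password: str) -> list[str]:
    """Return the names of the rules (1-5 in the list) that the password breaks."""
    upper = sum(c.isupper() for c in password)
    lower = sum(c.islower() for c in password)
    digits = sum(c.isdigit() for c in password)
    special = sum(c in string.punctuation for c in password)

    failed = []
    if len(password) < 8:
        failed.append("length")        # rule 1
    if upper < 2 or lower < 1:
        failed.append("case")          # rule 2
    if digits < 2:
        failed.append("digits")        # rule 3
    if special < 1:
        failed.append("special")       # rule 4
    if contains_dictionary_word(password):
        failed.append("dictionary")    # rule 5
    return failed


if __name__ == "__main__":
    for candidate in ("letmein", "PAssword12!", "P@SSw0rd99", "qV7#Rz2!mKpX"):
        print(f"{candidate!r}: {policy_violations(candidate) or 'passes'}")
```

Rule 6 is not something code can test; in practice it points to generating the password randomly and keeping it in a password manager.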

3. Block Hackers at IP Source

We use IP Blocker to blacklist hackers. While this isn’t foolproof (and it is not a defense against the recent brute force attack), it permanently blocks hackers at the IP address level. For our maintenance clients, we keep on top of blacklisting hackers as they alter IP locations in their repeated attempts to break in.

4. Limit Login Plugin

Blocking the bad guys is unfortunately part of “business as usual” for any type of website. It’s not a matter of “if” a bad guy will come knocking on your WordPress door, it’s just a matter of “how many times they will try to break in.” That’s why we recommend a plugin that limits the number of login attempts. Blocking at the IP source plus limiting attempts is an effective combo in protecting WordPress. Sadly, brute force hacking software is easily available, complete with how-to videos on YouTube.

With that said, we want to be absolutely clear. The combo of the IP Blocker and Limit Login plugins is an effective general security measure. It is ineffective against the recent brute force attack. Again, the best way to protect yourself is with robust passwords.
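
As an added example (not from the original post or from either plugin), the script below tallies failed WordPress logins per source address from constructed access-log lines and reports what a per-IP lockout would catch. It assumes the combined log format, that a failed login returns HTTP 200 while a successful one returns a 302 redirect, and, as an assumption about why per-IP measures fall short, that most attempts are spread thinly across many addresses.

```python
import re
from collections import Counter

# Combined-log-format line for a POST to wp-login.php; captures client IP and status.
LOGIN_POST = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "POST /wp-login\.php[^"]*" (?P<status>\d{3}) '
)


def _line(ip, second, status=200):
    """Build one constructed access-log line (sample data, not a real capture)."""
    return (f'{ip} - - [16/Apr/2013:10:00:{second:02d} +0000] '
            f'"POST /wp-login.php HTTP/1.1" {status} 3120')


# Constructed one-minute sample: one noisy source, twelve quiet ones, one real login.
SAMPLE_LOG = (
    [_line("203.0.113.7", s) for s in range(6)]
    + [_line(f"198.51.100.{n}", 10 + n + 12 * k) for n in range(1, 13) for k in range(2)]
    + [_line("192.0.2.10", 50, status=302)]
)


def failed_login_ips(lines):
    """Return the source IP of every failed login (status 200) in the log lines."""
    matches = (LOGIN_POST.match(line) for line in lines)
    return [m["ip"] for m in matches if m and m["status"] == "200"]


def per_ip_report(lines, limit=5):
    """Summarise what a per-IP lockout at `limit` failures would and would not catch."""
    counts = Counter(failed_login_ips(lines))
    return {
        "failed": sum(counts.values()),
        "sources": len(counts),
        "locked_out": sorted(ip for ip, n in counts.items() if n >= limit),
        "failures_below_limit": sum(n for n in counts.values() if n < limit),
    }


if __name__ == "__main__":
    print(per_ip_report(SAMPLE_LOG))
```

In the sample, the lockout stops the single noisy address, while 24 of the 30 failed attempts come from sources that never reach the limit, so the site-wide failure count is the number worth alerting on.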

5. Hide WordPress Version

Protecting WordPress starts at the database level. We use a plugin to hide the WordPress version and ensure that the default database table prefix (“wp_”) has been altered (another layer of protection). Hackers that use brute force software zero in on websites where these defaults are used.

6. Keep Core Up to Date

Automattic, curators of WordPress’ core, regularly update the code with WordPress security updates. Keeping your version up to date takes advantage of changes they implement to address new threats and trends. The same goes for security plugin updates and upgrades.

Brute force attacks are unfortunately increasing and becoming more commonplace. The good news is that several security features make protecting WordPress websites easier. Not sure if your site is vulnerable? We offer an affordable audit where we analyze your WordPress installation. You’ll receive specific recommendations on how to safeguard your website.

More Info About Brute Force Attacks & WP

Keeping your website secure is not a “one-and-done” endeavor. If you’re technically minded, I suggest this WordPress.org article on some of the code you can add to protect your site further. If you need help with your WordPress website’s maintenance and other security measures, simply reach out.


Category: Web Design // Author: Massimo Paolini

About Massimo Paolini

Massimo is Co-CEO and Chief Data Scientist. On the web since the 90’s and a Google Partner since 2014, his expertise includes technical SEO, search marketing, marketing analytics/analysis, and online advertising. Massimo has an innate ability to sift through a sea of data, uncovering insights that formulate results-oriented strategies. He has taught Digital Marketing, Google Ads and SEO at UC Berkeley Extension since 2014—and presented at international search marketing conferences like SMXL in Milan.


Comments

  1. Milissa Haluska

    August 15, 2017 at 2:38 am

    I do agree with all the ideas you have presented in your post. They are very convincing and will definitely work. Still, the posts are too short for novices. Could you please extend them a bit from next time? Thanks for the post.

    • Maine Demot

      December 28, 2022 at 12:33 am

      Thanks for commenting. For WordPress newbies, I don’t suggest DIY, especially when modifying or adding code.

  2. Alberto Quimby

    September 9, 2018 at 5:18 pm

    I do agree with all the concepts you’ve introduced in your post. They’re very convincing and can definitely work. Still, the posts are too brief for newbies.

    May just you please prolong them a little from next time? Thanks for the post.

    • Maine Demot

      December 28, 2022 at 12:33 am

      Thanks for commenting. For WordPress newbies, I don’t suggest DIY, especially when modifying or adding code.

  3. Jeremy Eidemiller

    December 26, 2022 at 11:25 pm

    There is no doubt that your post was a big help to me. I really enjoyed reading it.

    • Maine Demot

      December 27, 2022 at 6:18 am

      Thank you for the kind words Jeremy. Protecting your WordPress website from a breach is no easy task.

  4. Milton Hatman

    December 28, 2022 at 6:22 am

    Please provide me with additional details on that. I need to learn more about it.

    • Maine Demot

      January 30, 2023 at 3:13 am

      Hi Milton. Here are more articles related to this topic.


Spectrum Group Online


Founded by Massimo Paolini and Alyson Harrold in 2011


Copyright © 2025 Spectrum Group Online, LLC | All rights reserved | Privacy Policy | Site Map
