I received this notice from the boys and girls that provide security over my website: “As of 11am eastern time this morning, we are monitoring the largest distributed brute force attack on WordPress installations that we’ve seen to date.”
Do you have a security program plugged into your website? Do you know when your website is under attack? Do you know HOW people are trying to attack your website?
I use a plugin called Wordfence for security on my websites and I love it! I am immediately notified when anyone logs into my account with administrator privileges (including me). I also know when someone attempts to log in to my account and uses the wrong password. I am also able to block specific individuals from logging into my account. There is no danger in blocking someone, because they are there to do harm, not to work with me.
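To see what a distributed attack looks like in a plain web server access log, here is an added example (not part of the original post and not Wordfence's code). It flags single addresses that fail repeatedly, and also 5-minute windows where many different addresses each fail only once or twice, which a per-address limit alone would miss. The log format, thresholds and function names are assumptions, as is the rule that stock WordPress answers a failed login with 200 and a successful one with 302.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample access log (combined-format prefix); IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jan/2024:11:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3100
198.51.100.9 - - [01/Jan/2024:11:00:40 +0000] "POST /wp-login.php HTTP/1.1" 200 3100
192.0.2.14 - - [01/Jan/2024:11:01:15 +0000] "POST /wp-login.php HTTP/1.1" 200 3100
203.0.113.77 - - [01/Jan/2024:11:02:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3100
198.51.100.23 - - [01/Jan/2024:11:03:30 +0000] "POST /wp-login.php HTTP/1.1" 200 3100
192.0.2.200 - - [01/Jan/2024:11:04:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3100
192.0.2.50 - - [01/Jan/2024:11:04:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0
192.0.2.50 - - [01/Jan/2024:11:04:25 +0000] "GET /wp-admin/ HTTP/1.1" 200 5000
203.0.113.99 - - [01/Jan/2024:11:20:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3100
203.0.113.99 - - [01/Jan/2024:11:20:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3100
203.0.113.99 - - [01/Jan/2024:11:20:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3100
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
WINDOW = 300  # seconds per bucket (5 minutes)

def failed_logins(log_text):
    """Yield (epoch_seconds, ip) for POSTs to wp-login.php answered 200.
    Assumption: stock WordPress re-renders the form (200) on a bad password
    and redirects (302) on success; a plugin or theme may change this."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, method, path, status = m.groups()
        if method == "POST" and path.split("?")[0].endswith("/wp-login.php") and status == "200":
            yield datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").timestamp(), ip

def detect(log_text, per_ip_limit=3, site_limit=5, min_ips=4):
    """Return (noisy_ips, distributed_windows) using fixed 5-minute buckets."""
    buckets = defaultdict(Counter)  # window start -> failures per IP
    for ts, ip in failed_logins(log_text):
        buckets[int(ts) // WINDOW * WINDOW][ip] += 1
    noisy, distributed = set(), []
    for start, per_ip in sorted(buckets.items()):
        noisy.update(ip for ip, n in per_ip.items() if n >= per_ip_limit)
        total = sum(per_ip.values())
        if total >= site_limit and len(per_ip) >= min_ips:
            distributed.append((start, total, len(per_ip)))  # (window, failures, distinct IPs)
    return sorted(noisy), distributed

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

On the sample, the 11:00 window is flagged as distributed even though no single address in it reaches the per-address limit.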
Most WordPress developers know this already; however, I’ll mention it again here: do NOT use the default username of “admin” for your WordPress website. When you do, the potential hacker already has half of the equation for breaking into your website. Once they have that much, all they have to do is employ a password-guessing tool, and before long they’re in your website as the administrator and can do anything they want once inside…just like you can. It is also advisable not to use any derivatives of “admin”, such as “admin123”. If you already have your administrator account set up with the username “admin”, go now and create a different administrator account and remove the default administrator account.