I never thought I would have to deal with Brute Force Attacks until now. This is the first time I have ever been attacked. Hundreds of them a day. They started on August 21, 2014.
I told Carol Amato about this and said, “Ever since I changed the setting on CommentLuv, there are a bazillion intruders trying to get in my domain. Hundreds a day! 🙁 I changed the setting back to where it used to be, but the people trying to INTRUDE on my domain are still coming like CRAZY. Dunno what to do now.”
Carol said, “That doesn’t sound like a plugin malfunction, that sounds like a brute force attack – call your hosting company and see if there is anything fishy going on.”
I emailed Geoff (my hosting service) and asked for his help and he said that his wife, Susan, used Limit Login Attempts. And they’ve been attacked frequently and now it’s my turn. Wow. I never thought I would experience anything like this. But there is always a first time for everything, isn’t there?
You can see the screenshot of the Brute Force Attacks here.
I first heard about Wordfence from Tim Bonner. I had Limit Login Attempts installed then but I switched to Wordfence when I heard that it can do more advanced blocking.
It has the same feature as Limit Login Attempts but it can do more.
For instance, it warns me about malware when I click on a link that others left me through CommentLuv to read on their blog. It warns me if there are viruses on the sites I visit. It also alerts me when I need to update other plugins in my blog.
It alerts me right away about all the intruders who try to get in my site. It tells me their IP address and what Username they were using to try to get in my blog.
Related Post: Wordfence to the Rescue
Unlike hacks that focus on vulnerabilities in software, a Brute Force Attack aims at being the simplest kind of method to gain access to a site: it tries usernames and passwords, over and over again, until it gets in. ~Codex
These morons enter all kinds of Usernames and Passwords in your blog over and over and over again. If you use the “admin” username you are more likely to get hacked. Some are too lazy to create a strong password and just use “123456” on their site. Now c’mon you can do better than that.
Don’t use “test” for a username either. Most of all never use “admin” for a username. Make your password 20 characters long. Make sure you use upper case and lower case letters and numbers, and mix them with characters like @%#$^&*. And change your password quite often.
Never ever use the same password for all of your social media and/or blog. I used LastPass to remember all of my passwords on my computer, tablet, and iPhone. It’s free and every blogger should have it. Use the LastPass password generator to create a new password for your site or social media.
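To make the idea behind login limiting concrete, here is an added example (my illustration, not code from Wordfence, Limit Login Attempts, or any plugin named in this post). It replays a constructed login log, locks out an IP after repeated failures, and lists the usernames each IP tried; the thresholds, log format, and function names are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 3                  # assumed threshold, not a plugin default
WINDOW = timedelta(minutes=5)     # failures are counted inside this window
LOCKOUT = timedelta(minutes=20)   # how long a locked-out IP is refused
COMMON_NAMES = {"admin", "test"}  # the usernames the post warns against

# Constructed sample events (not real traffic): time, IP, username, result.
SAMPLE_LOG = """\
2014-08-21T03:10:01 203.0.113.7 admin FAIL
2014-08-21T03:10:04 203.0.113.7 admin FAIL
2014-08-21T03:10:09 203.0.113.7 test FAIL
2014-08-21T03:10:15 203.0.113.7 administrator FAIL
2014-08-21T03:11:30 198.51.100.23 blogowner FAIL
2014-08-21T03:12:02 198.51.100.23 blogowner OK
2014-08-21T09:00:00 192.0.2.50 admin FAIL
"""

def analyse(log_text):
    failures = defaultdict(deque)   # ip -> times of recent failed logins
    locked_until = {}               # ip -> time the lockout ends
    report = defaultdict(lambda: {"lockouts": 0, "blocked": 0, "usernames": set()})
    for line in log_text.splitlines():
        stamp, ip, user, result = line.split()
        now = datetime.fromisoformat(stamp)
        if locked_until.get(ip, now) > now:
            report[ip]["blocked"] += 1      # refused without checking the password
            report[ip]["usernames"].add(user)
            continue
        if result == "OK":
            failures[ip].clear()            # a good login resets the counter
            continue
        report[ip]["usernames"].add(user)
        recent = failures[ip]
        recent.append(now)
        while now - recent[0] > WINDOW:
            recent.popleft()                # forget failures older than the window
        if len(recent) >= MAX_FAILURES:
            locked_until[ip] = now + LOCKOUT
            report[ip]["lockouts"] += 1
            recent.clear()
    return dict(report)

def tried_common_names(report):
    return sorted(ip for ip, r in report.items() if r["usernames"] & COMMON_NAMES)

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

In the sample, the owner's single mistyped password never triggers a lockout, while the IP cycling through "admin" and "test" is refused after its third failure.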
Check out the Wordfence Security
As you can see, Wordfence has a lot to offer in both its free and paid options. I will not repeat what Tim Bonner mentioned on his blog but I thought a picture is worth a thousand words. So take this image and check it yourself. They have a lot of good stuff to secure your blog.
The free option was great. I get alerts on intruders every day. But I was so nervous last Saturday, I couldn’t sleep. I had to do something to stop these Brute Force Attacks. And so I decided to get the premium one.
On this one it allows me to block the whole country (i.e. China). Btw, I am so disgusted by this country, I have actually blocked the whole country. Perhaps they are good for creating our goods here in America. BUT…
Enough is enough when it comes to trying to invade my home. Last time they hacked my Twitter. I was just a new blogger online and only had 500 followers on Twitter, that’s not very much. I thought who would hack little ol’ me? Lo and behold these people don’t choose whether you are small or big.
They just do not like bloggers! Especially new bloggers!
12 Greatest Plugins to Secure Your Blog
- Limit Login Attempts
- Block brute-force attacks
- Lockdown WP Admin
- WP Fail2Ban
- Admin Renamed Extended
- Enforce Strong Password
- Wordfence Security
- 3WP Activity Monitor
- All in one WP Security
- Rename wp-login.php
- Brute Force Login Protection
All of the above are suggested by WordPress.org. If you prefer not to use Wordfence, feel free to use these ones. Limit Login Attempts does a good job also. But I prefer Wordfence, just my opinion.
Cellphone Sign-in through Wordfence
This is great. I just tested it. Entered my Username and Password and it gave me a message like “sign in again and add a space and the code to the end of your password”. This is pretty cool.
Ever since I entered the CODE from my cellphone, the Brute Force Attacks stopped. I’m not sure I want to wait for these attacks to stop on that FREE Wordfence plugin.
This time they cannot get in my blog unless they have that code. I know there are probably other security tools that could provide me the same thing but I’d rather pay the “premium” because I know for sure that the plugin is getting updated every time. I know that not everyone likes signing in with the code through their iPhone.
But to me, it is a LOT safer. Who said that these intruders won’t be back? Since my computer remembers my passwords anyway and I only have to sign in once in a while, I think it is worth it.
Some of the Strong Password Generators
- LastPass — can remember all passwords
- Passwords – (this is the one I used on my iPhone)
- cPanel – even your hosting service has its own password generator
- iPhone Password Tools – never tried this one but looks good
- Keeper Password Manager – for Android users
I have only mentioned a few. I’m sure you can google password applications like these for your iPhone, smartphone, or Android. But so far these are the top ones I like to use. Rated: 4.4 to 5 stars.
You can change your WordPress username. Instead of using “admin” you can create a much harder username to guess. Please go to Adrienne’s post here: How to Change Your WordPress Username
Make Your Password Super Hard
Never ever use a password that you can find in the dictionary. Never use your name, last name, year you were born, birthday, social security number, or your home address.
Make your password super hard. Something that doesn’t make any sense. Something that even you can’t remember. Remember, you can use LastPass to remember all your passwords.
What is Your Method of Securing Your Blog?
I am willing to hear your experience. Please share with me what you did during the Brute Force Attacks. What did you do? Please leave your comment below and share with me and my readers. Thank you.
NOTE: Make sure you read Part 2 here.