If you’re keeping up with the latest WordPress news, you’ve heard about this “attacker” issue.
These attackers are trying to exploit the default username ‘admin’ to gain access to your website. First they verify that your site has the username ‘admin’, second they start trying a number of passwords to access the account.
Read more about the known issues on the Sucuri blog.
I’m not going to address the issue as much as I am going to provide some suggestions on how to ensure you’re better protected from these type of attacks.
What you can do…
There are two primary things that you can do to protect your self from such attacks.
1. Do NOT use the username ‘admin’ for any of your WordPress user accounts.
If you are using admin, you will need to create a new user account and delete the admin user account. And use a STRONG password.
2. Make sure your WordPress installation and all your plugins are up-to-date!
This is a simple process. You can run these updates by clicking a button within your WordPress dashboard.
Additional security options…
1. Get a better hosting provider
We recommend WP Engine. This is a managed, WordPress hosting provide. They only host WordPress websites and because of that, their environment and services are tailed to provide an ideal solution for WordPress users.
Plus, when there are issues like these brutal attacks, you can rest easy because WP Engine hosted websites are prepared.
Read this tutorial on how to migrate your WordPress website to WP Engine.
2. Use Sucuri
Sucuri is web monitoring and malware clean up service. They are always on top of the biggest and smallest threats to keep your site safe and secure.
Yes, We can do all of this for you!
Now if you’re not interested in doing any of these improvements yourself.
Feel free to use the comments to ask any questions or address anything I may have missed!