Website hosting providers around the world are seeing a huge increase in automated attempts to crack admin login credentials by trying to guess the administrator username and password.
The content delivery service CloudFlare has blocked 60 million requests against WordPress users in just one hour and Hostgator has so far detected 90,000 different IP addresses involved in attacks on its servers hosting WordPress websites.
You can read more about these attacks here.
How to Protect Your WordPress Website
This attack poses a real threat to your WordPress website and your business so it’s important you take action to prevent a successful hacking attempt. Chances are your site is receiving daily login attempts by automated hacking bots right now.
- As this attack is focused on guessing the WordPress admin username and password, your first priority should be to make these harder to crack. One element that encourages hackers to target WordPress is the default administrator username of ‘admin’, which many users don’t change. Straight away this makes it 50% easier for hackers to crack your login details. Whether your current login username is ‘admin’ or not, change it now to something longer and harder to guess. See below for instructions.
- Change the WordPress admin password to a longer, more complicated sequence including upper and lowercase letters, numbers and special characters such as #*& etc. If you’re concerned about remembering more complicated login details, get password software such as LastPass, which is free.
- Change login details for FTP access, any control panels and email accounts.
- Run an antivirus software scan on all computers that have login access to your WordPress admin area.
- Check that your WordPress version, all themes and plugins are up to date.
Whilst these measures are a basic response to the current threat they will help protect your site. For more comprehensive protection take a look at our WordPress Security Plans.
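To check whether your own site is receiving the automated login attempts described above, you can count POST requests to wp-login.php per IP address in your web server's access log. The script below is an added example, not part of the original article; it assumes the Apache/Nginx "combined" log format, the sample lines and the threshold are constructed, and it relies on WordPress answering a failed login with status 200 and a successful one with a 302 redirect.

```python
import re
from collections import Counter

# Combined log format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def _line(ip, method, path, status):
    """Build one constructed access-log line (documentation IP ranges only)."""
    return f'{ip} - - [01/Jan/2024:10:00:00 +0000] "{method} {path} HTTP/1.1" {status} 1024 "-" "-"'

# Constructed sample input, not real traffic.
SAMPLE_LOG = (
    [_line("203.0.113.7", "POST", "/wp-login.php", 200)] * 4
    + [_line("203.0.113.7", "POST", "/wp-login.php", 302)]
    + [_line("198.51.100.23", "POST", "/wp-login.php", 200)] * 3
    + [_line("192.0.2.10", "GET", "/wp-login.php", 200),
       _line("192.0.2.10", "POST", "/wp-login.php", 302),
       _line("192.0.2.10", "GET", "/", 200)]
)

def login_attempts(lines):
    """Return (failed, succeeded) Counters of wp-login.php POSTs keyed by client IP."""
    failed, succeeded = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # viewing the login form (GET) is not a login attempt
        if not m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            continue
        # 302 = redirect into the dashboard (success); anything else is
        # treated as a failed or blocked attempt.
        (succeeded if m["status"] == "302" else failed)[m["ip"]] += 1
    return failed, succeeded

def suspects(lines, threshold=3):
    """IPs with at least `threshold` failed logins, as (ip, failures, later_succeeded)."""
    failed, succeeded = login_attempts(lines)
    return [(ip, n, ip in succeeded) for ip, n in failed.most_common() if n >= threshold]

if __name__ == "__main__":
    for ip, failures, got_in in suspects(SAMPLE_LOG):
        note = "LOGIN SUCCEEDED - change this password now" if got_in else "no successful login"
        print(f"{ip}: {failures} failed attempts, {note}")
```

An IP that shows many failures followed by a success deserves immediate attention: treat that account's password as guessed and change it.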
How To Change Your Admin Username
1. Login to your WordPress admin dashboard.
2. When logged in, go to Users > Add New User.
3. Enter details for your new Administrator user account and click ‘add user’. Use a different email to your existing admin account and select ‘Administrator’ for the Role field.
4. Log out of WordPress and log back in as the new account you just created.
5. When logged back into the Admin area, go to Users>All Users and click the ‘delete’ option for the old ‘admin’ user. Hover your mouse over the username to reveal the delete option.
6. IMPORTANT! – Attribute existing posts/links to your new user account and click the ‘confirm deletion’ button. Don’t skip this option or your posts will be deleted.
7. If required change your email address back to the original one used under the old admin account you just deleted. Just go to Users>Your Profile, edit the email address and click the ‘update profile’ button.
Need Help Protecting Your Website?
Whilst all the above security steps are essential for protecting your website from hacking threats, you also have a business to run. The best solution to securing your website is to back up and scan daily. That way you will be alerted to threats as they happen and have a clean backup of your site to restore quickly should the worst happen.
Contact us to discuss how we can protect your website while you get on with running your business.