Channel: Miscellany – Pill Scout

This week’s missing post


Welp, my web host locked up my login script for my site on account of massive numbers of brute force login attempts. They’ve been trying this for months. Anyway, brute forcing is simply using sequentially-generated passwords to attempt a login. I didn’t get around to fixing it by the time my usual Monday post was due, breaking a months-long streak of weekly posts.

cool macbook bro

This image is unrealistic as the balaclava inhibits the flow of Cheetos

Since many readers have hosted WordPress-based webpages of their own, it would be a good idea to mention the Better WP Security plugin. That is, for people who pay for their own space on a web host and aren’t writing their blog from WordPress.com.

The plugin is free, easy to install, and makes database backups for you too. Right now it’s just doing its job of limiting and permabanning excessive login attempts from random IP addresses in Eastern Europe and a couple of other things to bolster the security of my WordPress installation.

Better WP Security seems to be a great plugin so far, but unless you go through all of the plugin’s settings and configure parts of your server manually, it won’t totally prevent someone from compromising your site, and frankly, if they got in, they might as well have their fun for 5 seconds. However, since you’ll likely have the database backup handy, a minor setback such as a skiddie taking down your webpage and attempting to spread viruses can be cleaned up, with the site back to normal in minutes.

So, some general security practices for people who host their own WordPress:

  1. Make sure your file permissions (CHMOD) aren’t set too high
  2. Get Better WP Security and tweak the settings to get some peace of mind, starting with changing or removing the “admin” user and its ID number, etc.
  3. Try to keep up with your WordPress and plugin updates for security purposes
  4. Change your passwords often, try not to use words, and use tons of different characters and “special” symbols (#&@^ for example), as each additional character in length increases the brute-forcing time exponentially.

This is just a public service announcement from your friendly neighborhood Pill Scout.

This week’s missing post appeared first on Pill Scout.

