Some Plug-ins to Help Improve Security

Someone has been trying to hack! How did I know?
I've installed a WP plug-in called "Limit Login Attempts" and got warning email messages 3 times with 10 days saying someone from some IP address trying to log in as "admin" but failed many time and was blocked for 24 hours.

Here's what I found about the hacker's IP.

If you search for "Last user attempted: admin IP was blocked for 24 hours", you'll know how often a hacker tries to hack with user name:admin. Unfortunately, WordPress's default admin user name is "admin" and it doesn't make it easy for you to rename it.

A quick and easy way I can think of is: 1)create a new user and set it as administrator 2)and then (carefully) remove the user "admin" This works fine if you didn't created any posts and pages with the user "admin".

One other thing to make hacking harder is to change "Nickname" in your admin user profile page to someone popular but use a hard to guess user name. And then change the "Display name publicly as" to that Nickname.

One simple and important thing to improve security is to upgrade your WordPress as soon as a new version (usually includes security patches) comes out. Hackers hacked into one of my popular sites and one of my friend's and embedded some "Viagra" sales contents to show up Google search results (it only shows the hacked contents to the search engine robots (especially to Google) but hide the content to regular visitors include site owners through a web browser so it is very hard to notice. More often, you will only notice after Google sends you a notice saying your site is removed from their index and won't show up in their search research. If you have this problem, we can help you to solve it. Please contact us.

Leave a Reply

Your email address will not be published. Required fields are marked *