Nowadays WordPress websites are complaining that they sites been hacked. Initially they blame your coding, well in fact they are the one who decide to use it. Then you have to explain bla bla bla…
WordPress is the most famous CMS and no doubt with that, it deserve it a lot! But there are smart bored programmers out there want to mess up our lives.
One of the famous attack is the ‘brute force’ login attack where it can gain access to the website by guessing the username and password, over and over again… that can also take the site down by consuming resources.
Even though you upgraded your WordPress to the updated version that is not a guarantee that your website is safe. Though you have change all the server and admin password to a strong password they are still can get it in.
Here are some of my suggestions on how to prevent Brute Force attacks:
- Password protecting the PHP login file. Protect the access of the wp-login.php file in the apache by adding extra security layer.
- Installing WordPress Brute Force Login Protection Plugin. This limits the number of attempts for an IP Address.
- CloudFlare Integration. Cloudflare objectives is simply protects and accelerate your website online. It can prevent malicious requests, before they even hit your server.
- Host your website to AWS. Ofcourse, AWS network provides significant protection against traditional network security issues and etc.
Maintaining WordPress website is like taking care of a baby, you need to upgrade and make sure no one will attack it. 🙂