Keeping your WordPress Website Safe from Hackers
In the last year, I have noticed a severe increase in brute force attacks on the WordPress websites that I manage. I have had website owners come to me because their site was hacked and needed help getting back online. Rather than fixing the problem after the fact, which could cost hundreds of dollars, hours of work and lots of frustration, you can defend your site proactively.
What is a Brute Force Attack?
A brute force attack is when a hacker repeatedly tries different username/password combinations against your website's login until one works. Once in, they can wreak havoc on your website. Often you may not even know you have been hacked, because the adware or malware they place on the website can go undetected without the right monitoring and protection.
Username and Password Change
The easiest way to protect your website is to remove the “admin” login.
- Create a new user (see: https://codex.wordpress.org/Users_Add_New_Screen)
- Transfer all posts and pages to the new user
- Log out
- Log in as the new user you just created
- Delete the “admin” user
This is important because many brute force attackers try to get in using the “admin” username.
Add WordPress Security Plugins
My “go to” WordPress security plugin is Wordfence. Wordfence can scan your site for problems, and it will limit the number of times someone can try to log in before getting shut out. In addition, for a fee, you can block entire countries from getting to your website.
You can also see who’s coming to your website in real time, and it will keep track of blocked IPs.
For more information on WordPress security plugins and more, go to:
At a minimum, you should delete the user “admin” and add the free version of Wordfence. This costs a lot less money, time and frustration than having to fix a site that was hacked.