Always make sure your security ‘cannons’ are ready to fire!
Left unchecked, anyone can keep trying your password until they eventually figure it out (if you’re wondering how much time they have on their hands, please consider that they use software for this). And once they’re in? Odds are, they are trying to show ads to your readers, serve malware, or maybe redirect traffic to their site, any of which can get your site blacklisted.
Think there’s something ‘off’ with your WordPress install? Start here, with Sucuri’s site check.
For monitoring and hardening, save time with automation. Enable email alerts so there’s a notification when someone is locked out of your site, and routinely check the “bad login” logs to make sure attackers don’t have your login username.
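One way to run the “bad login” log check described above over an exported log, as an added example that is not from the original post or from any plugin. The CSV column layout, the sample rows, the usernames and the `ip_threshold` parameter are all assumptions made for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample of a "bad login" log export. The column layout is an
# assumption for this example, not the format of any particular plugin.
SAMPLE_LOG = """\
timestamp,ip,username
2024-01-05T02:11:09Z,203.0.113.7,admin
2024-01-05T02:11:12Z,203.0.113.7,administrator
2024-01-05T02:11:15Z,203.0.113.7,jane_editor
2024-01-05T02:11:19Z,203.0.113.7,jane_editor
2024-01-05T02:11:23Z,203.0.113.7,jane_editor
2024-01-05T09:40:51Z,198.51.100.23,Jane_Editor
2024-01-05T10:02:30Z,192.0.2.44,test
"""

# Constructed list of the real login names on the site.
REAL_USERS = {"jane_editor", "sam_author"}


def review_bad_logins(log_text, real_users, ip_threshold=5):
    """Summarise failed logins: which real usernames were tried, and which
    IPs failed at least ip_threshold times."""
    # Compare case-insensitively (assumed to match how the site looks up logins).
    known = {u.lower() for u in real_users}
    exposed = Counter()   # real username -> number of failed attempts using it
    per_ip = Counter()    # source IP -> number of failed attempts
    for row in csv.DictReader(io.StringIO(log_text)):
        name = row["username"].strip().lower()
        per_ip[row["ip"].strip()] += 1
        if name in known:
            exposed[name] += 1
    noisy = {ip: n for ip, n in per_ip.items() if n >= ip_threshold}
    return {"exposed_usernames": dict(exposed), "noisy_ips": noisy}


if __name__ == "__main__":
    print(review_bad_logins(SAMPLE_LOG, REAL_USERS))
```

A non-empty `exposed_usernames` means failed attempts are using a real login name, which is the condition the log review is meant to catch.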
My favorite plugins:
- iThemes Security, a free plugin, will limit common attacks, including brute force and password guessing. It’s also great for monitoring site logins and updates, and hiding your username.
- If you’re already using Jetpack, turn on the “security” option.
- Sucuri Security can send important email notifications about key actions like post edits, activation of a new theme, and user logins.
Guides for Cleanup:
What are these hackers and spammers doing? These are my favorite guides from Sucuri that take you through what they’re up to and how to fix it.
- How to clean the SEO spam hack
- How to remove malware from your WordPress site
- An overview of SQL injection