The WordPress brute-force login attacks show little sign of abating and we recommend all users ensure their sites are secured against this attack.

The Attack

Since spring 2013, hackers have been calling the WordPress login url with “standard” usernames (like ‘admin’) and thousands of passwords.  In our experience nearly all users have ‘admin’ as a user account so this makes them especially vulnerable.

The Solution

Well – not a solution exactly but it should protect your site being hacked.

The solution we propose is to change your username to something only you know about. If you are creating a new WordPress site, don’t use the default ‘admin’. Choose a new username.

If you have an existing site, you can’t simply delete the user ‘admin’ – therefore there are lot’s of free plugins around to change it instead. The one we’ve been using is called ‘Username Changer’. Install it, activate it, change your username and then remove it.  It’s a one off job.

2020Media can help

Additionally 2020Media would like to  see these WordPress attacks stop – realistically this is not going to happen – it’s a distributed attack from botnets, and things will change only when it’s not worth the hackers while any more.

2020Media are happy to change your login username for you plus we can add additional server-side security which will mitigate the denial-of-service aspects of the attack.

Managed WordPress

The Managed WordPress service from 2020Media is something anyone not logging in to their WordPress site on a weekly basis should seriously consider. Even if you do, get peace of mind as updates to WordPress, Themes and plugins are done for you. Read more