WordPress Security
WordPress is a target for hackers and crackers and they employ a number of methods, including attacking plugins and themes. However your basic WordPress installation is increasingly a target for botnets and brute force attacks.
100's of compromised machines will hit your WordPress installation's login page to try various username and password combinations.
This can cause issues beyond the obvious one of your site being compromised. The shear multitude of hits can drive bandwidth use as well as server load issues.
A popular and apparently effective plugin for this is Lockdown WP Admin. It has a number of settings, one of which I feel is very effective in that you can change the URL for your Login page and admin directories...
http://seanfisher.co/lockdown-wp-admin/
http://wordpress.org/plugins/lockdown-wp-admin/
Other notable security plugins I believe are effective are:
WP Super cache: http://wordpress.org/plugins/wp-super-cache/
BruteProtect : http://wordpress.org/plugins/bruteprotect/
Another often mentioned plugin, and one I consider essential is:
Limit Login Attempts: http://devel.kostdoktorn.se/limit-login-attempts
It is also imperative that all WordPress sites be updated routinely with any updates for WordPress itself as well as theme and plugin updates. You should check your WordPress dashboard at least once a week for any updates...
We would appreciate any other suggestions WordPress users may have.
-Bob
100's of compromised machines will hit your WordPress installation's login page to try various username and password combinations.
This can cause issues beyond the obvious one of your site being compromised. The shear multitude of hits can drive bandwidth use as well as server load issues.
A popular and apparently effective plugin for this is Lockdown WP Admin. It has a number of settings, one of which I feel is very effective in that you can change the URL for your Login page and admin directories...
http://seanfisher.co/lockdown-wp-admin/
http://wordpress.org/plugins/lockdown-wp-admin/
Other notable security plugins I believe are effective are:
WP Super cache: http://wordpress.org/plugins/wp-super-cache/
BruteProtect : http://wordpress.org/plugins/bruteprotect/
Another often mentioned plugin, and one I consider essential is:
Limit Login Attempts: http://devel.kostdoktorn.se/limit-login-attempts
It is also imperative that all WordPress sites be updated routinely with any updates for WordPress itself as well as theme and plugin updates. You should check your WordPress dashboard at least once a week for any updates...
We would appreciate any other suggestions WordPress users may have.
-Bob