Yesterday’s email from my hosting company issued the following security warning for WordPress users: Beware! Hacking attacks are underway by high-powered computers that speedily run through password and user name possibilities until the right ones are found, allowing login access to your WordPress site. The email recommended some steps for making my site more secure:
- Change my user name from the default one, admin, to a strong one, containing no words from the dictionary, some numbers and punctuation marks, the same recommendation as for strong passwords.
- Secondly, change my login password, if I hadn’t recently.
- Finally, install a WordPress plugin which increases security by limiting the number of login attempts that can be made sequentially. Several plugins were recommended.
I decided to install Better WP Security. I configured it according to instructions. Within twenty-four hours I had received two email notices generated by the plugin, indicating that a user bearing a certain IP address had been locked out for trying multiple times to log into my most heavily trafficked blog. I traced the IP address to Latvia. Last year this blog was visited by users from 163 countries. Now I’m wondering how many were hackers scouting the territory.
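
The lockout idea behind such plugins, as an added example that is not part of the original post and not Better WP Security's own code: it scans web-server access-log lines for repeated failed POSTs to wp-login.php from one IP address and reports when a lockout would trigger. The thresholds, the helper names, the sample log lines and the reading of status 200 as a failed login and 302 as a successful one are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy (not the plugin's defaults): 5 failures in 5 minutes -> 15 minute lockout.
MAX_ATTEMPTS = 5
WINDOW = timedelta(minutes=5)
LOCKOUT = timedelta(minutes=15)

# Combined Log Format: ip - - [time] "METHOD path HTTP/x" status size
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')

def parse(line):
    """Return (ip, time) for a failed login POST to wp-login.php, else None."""
    m = LINE_RE.match(line)
    if not m or m["method"] != "POST" or m["path"].split("?", 1)[0] != "/wp-login.php":
        return None
    if m["status"] != "200":  # assumption: 200 = form shown again (failure), 302 = success
        return None
    return m["ip"], datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")

def find_lockouts(lines):
    """Return (ip, locked_at, locked_until) for every lockout the policy would trigger."""
    recent = defaultdict(deque)  # ip -> timestamps of failures inside the window
    locked_until, events = {}, []
    for line in lines:
        hit = parse(line)
        if hit is None:
            continue
        ip, ts = hit
        if ip in locked_until and ts < locked_until[ip]:
            continue  # still locked out: the attempt never reaches the password check
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:  # drop failures older than the window
            q.popleft()
        if len(q) >= MAX_ATTEMPTS:
            locked_until[ip] = ts + LOCKOUT
            events.append((ip, ts, ts + LOCKOUT))
            q.clear()
    return events

def make_line(ip, hms, status=200):
    """Build one constructed access-log line (documentation-range IPs, made-up date)."""
    return f'{ip} - - [01/Jan/2024:{hms} +0000] "POST /wp-login.php HTTP/1.1" {status} 3120'

# Constructed sample: one address guessing every 10 seconds, one owner mistyping slowly.
SAMPLE_LOG = ([make_line("203.0.113.7", f"10:00:{s:02d}") for s in range(0, 60, 10)]
              + [make_line("198.51.100.20", "10:01:00"), make_line("198.51.100.20", "10:30:00"),
                 make_line("198.51.100.20", "10:30:20", status=302)])
```

Spacing guesses more than five minutes apart never fills the window, which is why a strong password and a non-default user name still matter alongside the limiter.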