Limiting brute force attacks in WordPress

It is quite common for hackers to run random scans of websites looking for common security vulnerabilities. Even if they fail to find any, the resulting high traffic can have significant negative effects on our servers. This is especially true when common CMS systems like WordPress are used, as they consume high amounts of CPU to process the traffic even when it is not legitimate.

To avoid some of these effects we have systems in place to block obvious attempts, but hackers have ways to get around them, for example by using many random IPs. It is much more effective if the protection is built into the website.

Below are some suggestions for improving your website security and reducing the CPU load during hacking attempts.

1. Hide common attack vectors. Many hacks involve brute force attacks on common admin login forms, e.g. /wp-login.php in WordPress. We recommend moving these URLs to uncommon file names so drive-by hackers have to work much harder to find an attack vector. In WordPress this can be done using a simple plugin, e.g. WPS Hide Login.

2. Install a plugin like WordFence for WordPress to track and actively block hacker attacks, as well as keep you informed about new updates to WordPress and any plugins you may have.

3. Consider placing the admin part of your website behind server-level authentication. Most servers use .htaccess and .htpasswd to add an additional level of security. Server-side authentication is a lot less resource hungry than one built into a website and will add considerable protection from hackers.

4. Remember to limit your file permissions. Never have full site-wide write access enabled, as this can allow a hacker to write to any part of your webspace and cause much more damage.
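
One way to check point 4 from a shell account, as an added example that is not part of the original article: it lists everything under a web root that any user can write to, and can reset permissions to tighter values. The function names, the 755/644 targets and the 600 mode for wp-config.php are assumptions (the last one assumes PHP runs as the account owner).

```shell
#!/bin/sh
# Added example: audit and tighten permissions under a web root.
# The 755/644/600 targets are assumed values, not taken from the article.

# List every file or directory that any user on the server can write to.
list_world_writable() {
    # -perm -0002 matches entries with the "other write" bit set;
    # symlinks are skipped because their own mode bits are not meaningful.
    find "$1" ! -type l -perm -0002 -print
}

# Count them (0 means nothing is world-writable).
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Normalise to 755 for directories and 644 for files, which removes
# group and other write access everywhere under the given path.
tighten_permissions() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
    # wp-config.php holds the database credentials; keep it owner-only.
    # Assumption: PHP runs as the account owner and can still read it.
    if [ -f "$1/wp-config.php" ]; then
        chmod 600 "$1/wp-config.php"
    fi
}

# Usage: sh audit.sh /path/to/webroot        (report only)
#        sh audit.sh /path/to/webroot fix    (report, then tighten)
if [ -n "${1:-}" ]; then
    list_world_writable "$1"
    if [ "${2:-}" = "fix" ]; then
        tighten_permissions "$1"
    fi
fi
```

Run it in report mode first: some plugins expect to write to specific directories, and those need to stay writable by the account owner only, not by everyone.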

I hope some of these suggestions help you improve your website's security and avoid service interruption due to hackers.