Being a WordPress user, we must keep an eye on the security of the blog. Daily, attackers try to hack several blogs by trying different combination of passwords. Even intHow.com daily receives a lot of malicious login attempts from different locations. Thanks to Jetpack and Limit Login Attempts plugins that they always keep this blog protected from such hackers.
Usually, attackers try to hack any blog by applying different combination of words from dictionary. They may use scripts programs which do the same job in very less time. If they are able to guess the right combination of your password, they immediately get into it. This process by which they try to hack any blog by applying different combination of passwords from dictionary is known as Brute Dictionary Attack.
By default, WordPress offers unlimited number of login attempts which makes it much easier of hackers to hack any blog. During installation of WordPress on blog, we have to choose username for logging in. One major drawback of this is that you can’t change your blog’s username later. This username can easily be known by anybody by checking the slug of author’s link.
For ex. http://www.example.com/author/abcd
This abcd is the username of the user. If you want to change this username then you can check out our separate article on How to change username of your WordPress Blog.
If your blog is hacked any somebody, then you still, can change your password to gain access again on your blog. But till then, all your hard work may be deleted.
So, here I’m gonna to suggest 3 plugins that you can use to fully protect your blog from hackers.
1. Limit Login Attempts Plugin:-
Limit Login Attempts plugin is very useful to block malicious login attempts. You can define total number of login attempts to which anyone can try. After this threshold, the particular person will get blocked from that IP Address. You can also choose the minimum time for which particular IP Address will be blocked.
This plugin also provides feature to inform you if someone tries to login many times from any particular IP Address and fails. The plugin is very helpful to handle hackers who tries to get access to your blog using Brute Dictionary Attack.
2. Rename wp-login.php Plugin:-
One major drawback of WordPress is that it provides same slug to log into account to all blogs. The default slug for logging is http://www.example.com/wp-login.php
/wp-login.php is default for all WordPress users which is quite prone to get hacked as it is easily guessed by hackers.
But, what if this URL is blocked from direct access from public and define a custom URL to login which is known only by you.
In such situation, Rename wp-login.php Plugin comes into interest. If you are sick of huge number malicious login attempts and to get rid of it then this plugin is for you.
This plugin will help you to choose a specific URL to login to your WordPress hosted blog. When you want to login, you will simply go to the custom URL that you have chosen and sign in as normal.
This plugin also helps to prevent direct access to default login URL provided by WordPress i.e., /wp-login.php. Rename wp-login.php Plugin will help you in such a condition whenever your password is stolen by somebody as he will not be allowed to gain access.
3. One-time Password Plugin:-
I find One-time Password plugin very useful when all your things are stolen. Conditions like when you accessed your blog from some Cyber-Café, possibilities are you might have used a system which was accessed by keyloggers. Such computers can’t be trusted at all.
In such situations, you can use alternative passwords to login into your WordPress account rather than using your primary password.
This plugin can be used in less-trustworthy environments so that only waste is left behind after you login to your account. Hence keeping you secure from getting hacked.
How it works:-
Go to Settings> One-time Password
You will asked to put a strong password with at least 10 characters long in Pass-Phrase Box, Confirm the password. You can choose how many OTP you requires in Count/Sequence box. Put the number. Now click Generate. Download the list of passwords and use them.
Recommendation:- What if you use all of three plugins, i.e., Limit Logins Attempts allow only 3-4 attempts, Rename wp-login.php Plugin change the login address, and one time password allow a particular for one time only.
There is no perfect way to protect yourself from getting hacked. If a true hacker really makes his mind to hack your blog, then he will definitely do this.
We have several examples about this subject. Several big brands account got hacked. Several websites destroyed by hackers.
Well, even then we do our best to protect our blog from such unwanted threats. Giving up your hard work easily is not recommended. If someone really want to hack any blog, let give him some opportunities.
Better to have a backup of your blog all time.
Do you use some other plugins which are much useful than all above suggested? Please share it to help improve knowledge.