WordPress is one of the most popular platforms to use when it comes to the creation and maintenance of a website. It is an open source platform for plugins and themes, whilst providing the website owner complete freedom to editing the website down to code level.

However, as much as it is a good thing that there is freedom to do whatever you want with a WordPress, it can also be a bad thing too. This is because it makes WordPress websites a bit susceptible to getting attacked and hacked. For one, a common way hackers try to gain access to WordPress is through a process called ‘brute force attack’ – this is where the hacker sets up some code to continually try to login with common usernames, changing the password every time until they find out what the password is. Although this seems unlikely, it is actually far too common a way for hackers to gain access. With this, here are a few simple ways you can reduce the likelihood of being hacked through brute force.

Use a Complex Password

Of course, use a complex password that should incorporate the following:

• Upper and lower case characters
• Numbers
• Punctuation
• Multiple words

Never Use ‘admin’ or ‘[website name]admin’ as Usernames

With brute force attacks, hackers go for common login usernames names to attempt to uncover the passwords for. The two most common admin, with all privileges as administrator, usernames tend to be ‘admin’ and ‘[website name]admin’. For example, for this website, it would be ‘ppcadmin’.

Taking this information into consideration, choose a username for your admin account that is not either of the above. Including numbers at the end will make the username even better and harder to hack into (since hackers will struggle to find the username of such admin accounts for websites).

Limit Login Attempts

In WordPress, be it with a plugin, you can limit the login attempts to a WordPress account. This is a brilliant way to prevent your admin account from getting brute force attacked. What this does is allow for, say, 5 failed password attempts and then for the account to be banned from attempting again. To regain access, using another source of authentication, such as email or mobile, will allow you to regain access.

Two Factor Authentication

This is probably the best way to go about preventing brute force attempts. Two factor authentication requires either a mobile phone or email address to confirm that it is you who is logging into your account. As much as this eradicates brute force attacks, it is also a little more time consuming for every time you log into your WordPress website. Therefore, it is swings and roundabouts whether you use it or not. For me, it is always better to be safe than sorry.