Well, it came as a shock to me to get a hacking notification from my current hosting provider, InMotion Hosting, when I tried to log in to my other site, 2WheelTuesday.com. Shocked on one hand because this is not a really active site and I only update it every now and then. Why in the world would someone want to hack this site?
Whatever the reason, I quickly realised how vulnerable my site was: someone out in cyberspace was trying to brute-force my Admin account. Lazy me, I had kept the default Admin user, which is a big security no-no, and I had no way to monitor or control logins.
So what can you do to quickly harden your WordPress site?
How to Rename the WordPress Admin User
- If you are still using the default Admin user to write your posts, create a new user and assign it the Editor role.
- Create a new admin account under a different username and assign it the Administrator role.
- Log in as the newly created admin user and delete the original Admin user. Don't worry, this won't delete your posts: WordPress is smart enough to ask whether you want to transfer the posts to another user. Choose the user you created in step 1.
Securing the WordPress Login
I highly recommend the WordPress plugin Login Security Solution. This plugin is absolutely necessary to slow down brute-force attacks and make the attackers move on to easier, more vulnerable sites. It also lets you track IP addresses, enforce password complexity and, most importantly, sends you an email when someone is trying to brute-force a WordPress account.
Another nice feature of the Login Security Solution plugin: if a login failure uses data matching a past failure, the plugin slows down its response. The more failures, the longer the delay. This limits the attackers' ability to probe your site effectively, so they give up and go find an easier target. Another feature that lets you sleep better at night: if an account seems to have been breached, the "user" is immediately logged out and forced to use WordPress' password reset utility. This prevents any damage from being done and verifies the user's identity. If, however, the user is coming in from an IP address they have used in the past, an email is sent to the user to confirm it was them logging in. All of this happens without intervention by an administrator.
One day after installing the plugin I received the email below, giving me an overview of what was currently happening on my site. This plugin is priceless, considering it had just thwarted a bad guy trying to get in.
Example Login Security Solution Threat Email:
Your website, 2WheelTuesday, is undergoing a brute force attack. There have been at least 50 failed attempts to log in during the past 120 minutes that used one or more of the following components:

    Component                Count Value from Current Attempt
    ------------------------ ----- ------------------------------
    Network IP                  47 ###.###.###.###
    Username                    50 admin
    Password MD5                 1 12345678901010101010

The Login Security Solution plugin (0.42.0) for WordPress is repelling the attack by making their login failures take a very long time. This attacker will also be denied access in the event they stumble upon valid credentials. Further notifications about this attacker will only be sent if the attack stops for at least 120 minutes and then resumes.
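To make the behaviour described above and in the email concrete, here is an added simulation in Python (my own illustration, not the plugin's PHP code) of how such a detector counts failed logins per component inside the 120-minute window, stretches the delay as related failures pile up, and raises the alert at the 50-attempt threshold. The sample records, the IP addresses and the delay formula are constructed assumptions; the window, threshold and component names come from the quoted email.

```python
from collections import Counter
from hashlib import md5

WINDOW_MINUTES = 120   # notification window quoted in the plugin's email
ALERT_THRESHOLD = 50   # related failures that trigger the email
BASE_DELAY = 2         # assumed: seconds of delay per related past failure
MAX_DELAY = 120        # assumed cap on the delay
COMPONENTS = ("Network IP", "Username", "Password MD5")


def pw_md5(password):
    # Only a hash of the guessed password is kept, as in the plugin's report
    return md5(password.encode()).hexdigest()


def make_sample():
    """Constructed failures as (minute, ip, username, password): 47 from one
    IP, 3 from another, all against 'admin', every password guess different,
    which reproduces the counts in the quoted email."""
    records = []
    for i in range(50):
        ip = "203.0.113.7" if i < 47 else "198.51.100.9"  # RFC 5737 documentation addresses
        records.append((i * 2, ip, "admin", f"guess{i}"))
    return records


def assess(records, now, ip, user, password):
    """Evaluate one failed attempt at minute `now` against stored failures.
    A stored failure is related when it is inside the window and shares the
    IP, username or password hash. Returns (counts, delay_seconds, alert)."""
    counts = Counter()
    related = 0
    pw_hash = pw_md5(password)
    for minute, r_ip, r_user, r_pw in records:
        if now - minute > WINDOW_MINUTES:
            continue  # older than the 120-minute window: ignored
        hits = (r_ip == ip, r_user == user, pw_md5(r_pw) == pw_hash)
        for name, hit in zip(COMPONENTS, hits):
            counts[name] += hit
        related += any(hits)
    # The more related failures, the slower the response to this attempt
    delay = min(BASE_DELAY * related, MAX_DELAY)
    return counts, delay, related >= ALERT_THRESHOLD


if __name__ == "__main__":
    counts, delay, alert = assess(make_sample(), 98, "203.0.113.7", "admin", "guess49")
    print(dict(counts), f"delay={delay}s", f"alert={alert}")
```

Run as-is it reports 47 / 50 / 1 for the three components, a 100-second delay and an alert, matching the shape of the email; an attempt from an unrelated IP, user and password gets no delay and no alert.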