- This topic has 2 replies, 1 voice, and was last updated 3 years, 7 months ago by Jo McAdam.
Jo McAdam (Guest)
Hello,
Given that WordPress is a common target for cybercriminals, I suggest doing the following to mitigate brute-force attacks and other security vulnerabilities.
1. Install a Captcha plugin or a full-featured security plugin which includes a Captcha. This will mitigate some bot brute-force login attempts against the /wp-login or /wp-admin pages.
2. Install All in One WP Security & Firewall plugin. This plugin has a feature that allows you to set up cookie-based login which includes the ability to obfuscate the /wp-admin or /wp-login pages. You can also configure a number of user and login policies.
3. Another good security plugin is: Wordfence. Wordfence has a built-in security scanner which includes malware definitions. It has several different security features and is easy to configure. The premium (Paid) version has a country-blocking feature. Wordfence also has a Captcha which can be added to the /wp-login page. It also supports 2FA login.
I’ve run all three plugins on a WP site without any issues. They seem to play nice together.
-
Mike Crouch (Keymaster)
We have taken the necessary precautions and already installed add-ins to accommodate all of these features. The captcha I have not turned on yet as we don’t commonly utilize the login as a requirement for posts. The previous spam attack we had has been all outside of the US which has been turned off for site access.
Thank you for the suggestions and please continue to add suggestions.
-
Jo McAdam (Guest)
Pleased to meet you Mike! And, it’s great to hear you already have a number of security controls in place. Nice work!
One note on the Captcha… If you turn on the Captcha it makes it much more difficult for bots to brute-force the login page; it’s more of a control to ensure that unauthorized users do not gain access to the backend of the site.
If you ever need somebody to conspire with when it comes to WordPress, count me in. While I don’t do any web admin work now, I did in a former life.