WordPress Security: Preventing hackers and spammers: Better WP Security, Sucuri and CloudFlare

WordPress security: It’s time to start ramping it up again

My ISP provided me with the following link by ArsTechnica:

Huge attack on WordPress sites could spawn never-before-seen super botnet

Ongoing attack from >90,000 computers is creating a strain on Web hosts, too.

WordPress security is a particularly big deal at this moment in time. It’s a huge platform and well recognized enough to be considered worth its own attacks by spammers and crackers.

While I don’t know these people, they’ve written an excellent primer on securing your WordPress setup.

How to ward off spammers and crackers?

I had already been using Better WP Security. It’s an excellent plugin, free and donationware. Over a period of about 90 days, it has reported the following to me:

Your database contains 9416 bad login entries.
Your database contains 1530 404 errors.

Interestingly enough, other than the occasional typo on my part, the 9416 bad logins used “admin”. Having not only changed the default user name, but squarely removed it (no user ID 1 in the database) and using strong passwords, I felt relatively secure, and Better WP Security gave me a baseline of this particular activity on my site. The 404s in this case were pointing to non-existent files (duh!) such as FrontPage files, or various config paths.
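The same kind of baseline can be rebuilt from a web server access log. The sketch below is an added example, not code from Better WP Security or from this post. It assumes the "combined" log format and WordPress's default behaviour of answering a failed login POST with status 200 and a successful one with a 302 redirect. The sample lines, the `baseline` and `classify_404` names and the path patterns are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in "combined" log format (documentation-range IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Apr/2013:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Apr/2013:10:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Apr/2013:10:02:10 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.23 - - [12/Apr/2013:10:03:44 +0000] "GET /_vti_bin/shtml.exe HTTP/1.1" 404 512 "-" "-"
198.51.100.23 - - [12/Apr/2013:10:03:45 +0000] "GET /backup/wp-config.php.bak HTTP/1.1" 404 512 "-" "-"
192.0.2.50 - - [12/Apr/2013:10:05:00 +0000] "GET /old-post/ HTTP/1.1" 404 512 "-" "Mozilla/5.0"
this line is not a log entry
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def classify_404(path):
    """Bucket a 404 path: FrontPage extension dirs, config-file guesses, or other."""
    p = path.lower()
    if "_vti_" in p:          # FrontPage Server Extensions directories
        return "frontpage"
    if "config" in p:         # e.g. wp-config backups (assumed pattern)
        return "config"
    return "other"

def baseline(log_text):
    """Return (failed logins per IP, 404 counts per category, unparsable lines)."""
    failed_logins, not_found, skipped = Counter(), Counter(), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1      # count malformed lines instead of silently dropping them
            continue
        path = m["path"].split("?", 1)[0]
        if m["method"] == "POST" and path.endswith("/wp-login.php") and m["status"] == "200":
            failed_logins[m["ip"]] += 1   # 200 = login form re-rendered (assumed default)
        elif m["status"] == "404":
            not_found[classify_404(path)] += 1
    return failed_logins, not_found, skipped

if __name__ == "__main__":
    logins, missing, bad = baseline(SAMPLE_LOG)
    print("failed logins by IP:", dict(logins))
    print("404s by category:", dict(missing), "| unparsed lines:", bad)
```

Access logs do not record the user name that was tried, so the “admin” observation above still needs the plugin's own login records.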

Recent spammers are aggressive enough to be considered de facto crackers.

I followed up with this article by Sucuri.net:

Protecting Against WordPress Brute-Force Attacks

By the way, sucuri.net offers a very useful malware scanning service. Very handy if you use WordPress security techniques.


While I’m relatively confident of the security of my site, I’m not one for shunning potential positive layers of services.

Cloudflare stands as a CDN between you and the web. Sign up, and simply change your DNS name servers, and it does the job. The free version offers enough to make it worthwhile to give it a serious try. Cloudflare offers a free and feature-full group of services for the little guy, as well as an extended range of services (such as SSL support) for paid accounts.

Now, with a baseline provided by Better WP Security, we’ll see how CloudFlare fares over the next 90 days. I’ll keep you posted.

