WordPress security: It’s time to start ramping it up again
My ISP provided me with the following link by ArsTechnica:
Ongoing attack from >90,000 computers is creating a strain on Web hosts, too.
WordPress security is a particularly big deal at this moment in time. It’s a huge platform and well recognized enough to be considered worth its own attacks by spammers and crackers.
While I don’t know these people, they’ve written an excellent primer on securing your WordPress setup.
How to ward off spammers and crackers?
I had already been using Better WP Security. It’s an excellent plugin, free and donationware. Over a period of about 90 days, it has reported the following to me:
Your database contains 9416 bad login entries.
Your database contains 1530 404 errors.
Interestingly enough, other than the occasional typo on my part, the 9416 bad logins used “admin”. Having not only changed the default user name, but squarely removed it (no user ID 1 in the database) and using strong passwords, I felt relatively secure, and Better WP Security gave me a baseline of this particular activity on my site. The 404s in this case were pointing to non-existent files (duh!) such as FrontPage files, or various config paths.
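An added example, not part of the original post: one way to turn counts like these into a baseline that separates guesses at a non-existent “admin” account from attempts on real accounts, and FrontPage or config probes from ordinary broken links. The records, the account list and the path patterns are constructed assumptions, not Better WP Security’s data format.

```python
import re
from collections import Counter

# Constructed sample records (not from the original post).
# Failed logins as (username, source_ip) pairs, as a lockout log might export them.
FAILED_LOGINS = [
    ("admin", "203.0.113.10"), ("admin", "203.0.113.10"), ("admin", "198.51.100.7"),
    ("admin", "192.0.2.44"), ("Admin ", "192.0.2.44"), ("editor1", "198.51.100.20"),
]
# Paths that returned 404 (constructed).
NOT_FOUND_PATHS = [
    "/_vti_bin/shtml.exe", "/_vti_inf.html", "/wp-config.php.bak",
    "/config/settings.inc", "/old-post-slug/", "/images/logo-2x.png",
]
EXISTING_USERS = {"editor1"}  # assumption: the real accounts; no "admin" exists

# Assumed patterns: FrontPage extension paths start with /_vti_; config probes
# are matched loosely by name or extension.
PROBE_RULES = [
    ("frontpage", re.compile(r"/_vti_")),
    ("config", re.compile(r"config|\.ini$|\.env$", re.I)),
]

def classify_404(path):
    """Label a 404 path as a FrontPage probe, a config probe, or other."""
    for label, rx in PROBE_RULES:
        if rx.search(path):
            return label
    return "other"

def baseline(failed_logins, not_found, existing_users):
    """Summarise one reporting period so later periods can be compared to it."""
    names = Counter(u.strip().lower() for u, _ in failed_logins)
    real = {u.lower() for u in existing_users}
    total = sum(names.values())
    return {
        "failed_total": total,
        # Share of guesses aimed at the default name, which cannot succeed here.
        "admin_share": names["admin"] / total if total else 0.0,
        # Guesses at accounts that do exist deserve a closer look.
        "attempts_on_real_accounts": {n: c for n, c in names.items() if n in real},
        "sources": len({ip for _, ip in failed_logins}),
        "not_found": dict(Counter(classify_404(p) for p in not_found)),
    }

if __name__ == "__main__":
    print(baseline(FAILED_LOGINS, NOT_FOUND_PATHS, EXISTING_USERS))
```

Running the same summary on a later period gives numbers that can be set side by side with this one.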
Recent spammers are aggressive enough to be considered de facto crackers.
I followed up with this article by Sucuri.net:
By the way, sucuri.net offers a very useful malware scanning service. Very handy if you use WordPress security techniques.
While I’m relatively confident of the security of my site, I’m not one for shunning potential positive layers of services.
Cloudflare stands as a CDN between you and the web. Sign up, and simply change your DNS name servers, and it does the job. The free version offers enough to make it worthwhile to give it a serious try. Cloudflare offers a free and feature-full group of services for the little guy, as well as an extended range of services (such as SSL support) for paid accounts.
Now, with a baseline provided by Better WP Security, we’ll see how Cloudflare fares over the next 90 days. I’ll keep you posted.