Brute Force Attack on WordPress Sites

lock security

wordpress securityLast week there was a world wide brute force attack on WordPress sites. What happens is that a hacker tries repeatedly to login to your site; once there he adds malware to your code, usually in the form of an link that appears in your header or footer area. Worst case they take your site down.

These brute force attacks are not unusual, but there are several security plugins available to help keep hackers out. The two I use for my clients’ site are iThemes Security and Wordfence.

If you find that you have been hacked, contact your host for assistance.


  1. If you do not have a WordPress security plugin, go to NOW, click on the plugin link and search for security plugins. Find a plugin that has been recently updated and that has several thousand installs.
  2. Login credentials: DO NOT have Admin as your user name.
  3. Password: have a strong password. WordPress now creates strong passwords for Users. This is a feature you should be using.
  4. UPDATE YOUR PLUGINS, THEME AND WORDPRESS VERSION as soon as updates become available.





Share Post: