These days, every Internet website is free game for hackers, whether it be a government, business, or your author page. If a hacker manages to get in, and there are many sophisticated tools that do this, the intrusion can be benign, destructive, or a demand for money. Either way, it is bad news. One way to protect yourself from unwanted intrusion is to install security software such as Norton, Kaspersky, etc. They work well, but this is not a guaranteed firewall, especially if you make it easy for a hacker to get into your website by direct logon.
Despite constant warnings, many people still fall for a basic beginners’ trick—a weak password and user name, such as ‘admin’. This combination is a ‘come in’ flag to a hacker. So, how to protect your website? You can have your weak user name, but protect it with a STRONG password! I am amazed to hear that some people still use only up to six characters in their password, and load it with a birth date, or some other easily identified character set.
Have your password LONG, with a mix of capital letters, numbers, special characters, and lower case letters. You won’t be able to remember your password? GOOD! If you cannot, it will be even harder for the hacker. Use a spreadsheet to store passwords, and use a DIFFERENT password for every platform. I cringed when I heard one person say that he used a single password for everything: access to his bank account, phone provider, Facebook … you get the picture.
Okay, you have Norton and you feel happy. But … have you checked your WordPress Dashboard lately for illegal logon attempts? If you have not, do so. You will be surprised at what you find. How do you do this?
When you log in, go to Setting, and from the displayed menu select Limit Login Attempts.
In the Lockout section, you can set parameters for login attempts and action to take when a logon fails after the permitted number of tries.
One parameter I strongly suggest you activate is the Notify on Lockout. When someone attempts to log in and fails—a certain sign of a hacker attempt—WordPress will send you an email notifying you of the attempt and a call for possible action.
At the bottom of the screen will be displayed the Lockout Log. This is a list of all failed login attempts and the IP addresses. With this address, you can now block the miscreant from trying to get in again.
You need to log on to your website hosting provider’s cPanel. Once in, scroll down to the Security section and click on the IP Blocker.
Once in, add all the IP addresses from people who attempted to log on to your site illegally. Your hosting provider will block them from future attempts.
From time to time, you may have received spam emails. To block them, lock out their IP address. From your website Dashboard, go to Settings, and from the displayed menu, select Discussion.