Adrian Taropa

I started my own webdesign company at 18 years before enrolling into University. I have been working on perfecting my web and business skills ever since.

Preventing password guessing on your website

WordPress is one of the most popular website platforms out there. It is easy to see why: it is simple to administer, it has a strong community behind it, and updating could not be more hassle-free. Put simply, it's the Apple of modern CMSs. This is why we chose to build Webtemple on top of WordPress, combining its well-known and loved features with our own magic.

Double-Edged Sword

Since CMSs are like operating systems (i.e. Windows, Linux, macOS) for websites, one basic rule always applies: the more popular the platform, the more people will try to hack it. This is especially true of WordPress. Throughout my career, I have gained a lot of clients by helping them recover from a hacked website.

Why Do WordPress and Website Hacks Happen?

Simply put, there are lots of reasons a WordPress site gets hacked: to gain access to the data it stores, to use the website to spread malware, to use its server resources in attacks on other sites, and so on. What all these hacks have in common is that they use your website to harm someone else, and to that someone it will look like you are the one doing the harm. Unfortunately, much as when your identity is stolen, you pay the price. Often that means a blacklisted domain and a poor spam reputation, and it can go as far as legal repercussions.

How to prevent WordPress Hacking?

Compared with Windows, a strong antivirus only protects you against known threats, but good practices and common sense go a lot further. That being said, there are no guarantees; there will always be someone out there who may get through and hack even websites with an insane amount of security.

But for the rest of us, here are some best practices:

Hide Usernames

You would be surprised how many login attempts using real usernames I have seen on a relatively inactive site over the span of an hour. The easiest way into a site is through a username and password combination. Knowing the username is already half the work.

Attackers find usernames by checking your user archives. If your website has a blog, the author is, by default, published in several spots on that website. To keep things a little more secure, make sure you display authors in First Name Last Name format instead of by username. Note that WordPress sets a new user's display name to the username by default, so the display name has to be changed in the user's profile for this to help.

Secure Passwords

It is very important to change your password every so often, to ensure that if someone is mounting a very elaborate brute-force attempt against it, they won't get in. You should also use a secure password. If your password is in the list below, it is probably not as clever as you thought:

  • 123456
  • password
  • 12345678
  • qwerty
  • 12345
  • 123456789
  • football
  • 1234
  • 1234567
  • baseball
  • welcome
  • 1234567890
  • abc123
  • 111111
  • 1qaz2wsx
  • dragon
  • master
  • monkey
  • letmein
  • login
  • princess
  • qwertyuiop
  • solo
  • passw0rd
  • starwars

If your password is or resembles one of the above, your site is an easy target. Make sure to change your password as soon as possible. If possible, use a password manager, such as 1Password, to generate and remember a strong password. When you sign in on your own computer, just choose to remember the password and you should be good to go. Just make sure you remember the password to your password manager 🙂
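To make the "is or resembles" test concrete, here is an added Python example (not code from this article or from Webtemple) that checks a candidate password against the list above after folding the disguises guessing tools already apply: letter case, common leet-speak substitutions, and a trailing run of digits or punctuation such as "Password123!". The 12-character minimum and the leet map are my assumptions, not a policy the article states.

```python
import re

# The weak passwords listed in the article.
COMMON_PASSWORDS = [
    "123456", "password", "12345678", "qwerty", "12345", "123456789",
    "football", "1234", "1234567", "baseball", "welcome", "1234567890",
    "abc123", "111111", "1qaz2wsx", "dragon", "master", "monkey",
    "letmein", "login", "princess", "qwertyuiop", "solo", "passw0rd",
    "starwars",
]

# Assumed policy: anything shorter than this is rejected regardless of content.
MIN_LENGTH = 12

# Assumed leet-speak substitutions to undo before comparing.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

# A trailing run of digits/punctuation ("Solo2024!") that adds little real strength.
TRAILING_JUNK = re.compile(r"[\d!@#$%^&*._-]+$")


def candidate_forms(password: str) -> set[str]:
    """Return the spellings a guessing tool would also try for this password:
    lower-cased, with leet undone, and with the trailing digit/punctuation run removed."""
    lowered = password.lower()
    forms = {lowered, lowered.translate(LEET)}
    stripped = TRAILING_JUNK.sub("", lowered)
    if stripped:  # an all-digit password strips to nothing; keep only its original form
        forms.add(stripped)
        forms.add(stripped.translate(LEET))
    return forms


def matches_common(password: str, common=COMMON_PASSWORDS):
    """Return the first common password this one equals or resembles, else None."""
    forms = candidate_forms(password)
    for entry in common:
        if entry.lower() in forms:
            return entry
    return None


def assess(password: str) -> list[str]:
    """Collect every reason the password would be rejected; an empty list means it passes."""
    problems = []
    hit = matches_common(password)
    if hit is not None:
        problems.append(f"resembles the common password '{hit}'")
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    return problems


if __name__ == "__main__":
    for pw in ["Passw0rd123!", "L3tMe1n!", "Solo2024", "correct horse battery staple"]:
        print(f"{pw!r}: {assess(pw) or 'ok'}")
```

The comparison is deliberately equality on the folded forms rather than a substring search, so a long passphrase that happens to contain "login" is not rejected; the point is to catch "Passw0rd123!" and "L3tMe1n!", which guessing tools treat as the same thing as "password" and "letmein".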

How Webtemple keeps websites secure

I'm not about to spill the beans and invalidate all our hard work, but we use a combination of best practices and industry-leading technology to thwart hacking attempts. We start by filtering out known bad actors against internationally maintained lists of hacking sources. This cuts the number of threats by 70% (no, that's not a typo). After that, we put them through an application firewall and a browser integrity test to make sure they are actual people and not bots sent out to spam or to hack our system automatically.
For the persevering types who pass all the previous tests, we monitor behaviour on the site, lock out users who try any funny business, and then ban them from all of our sites. We have other methods in place, but I will not go into those, for obvious reasons.
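As an added illustration of the lock-out step (example code written for this page, not Webtemple's own system), here is the Python core of a failed-login monitor: it replays authentication events, keeps a sliding window of failures per source IP, and locks the IP out once the window holds too many. The log format, the five-failures-in-ten-minutes threshold, the addresses and the sample lines are all constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumed policy: lock a source out after this many failures inside the window.
THRESHOLD = 5
WINDOW = timedelta(minutes=10)

# Constructed sample log (format assumed: "<ISO time> <ip> <event> user=<name>").
# 203.0.113.5 hammers the login form; 198.51.100.7 is a real user who mistyped once;
# 192.0.2.9 guesses slowly, one attempt every 40 minutes.
SAMPLE_LOG = """\
2024-05-01T09:00:00Z 192.0.2.9 login_failed user=admin
2024-05-01T09:40:00Z 192.0.2.9 login_failed user=admin
2024-05-01T10:00:01Z 203.0.113.5 login_failed user=admin
2024-05-01T10:00:04Z 203.0.113.5 login_failed user=admin
2024-05-01T10:00:09Z 203.0.113.5 login_failed user=admin
2024-05-01T10:00:15Z 203.0.113.5 login_failed user=admin
2024-05-01T10:00:22Z 203.0.113.5 login_failed user=admin
2024-05-01T10:00:30Z 203.0.113.5 login_failed user=admin
2024-05-01T10:05:00Z 198.51.100.7 login_failed user=jane
2024-05-01T10:05:30Z 198.51.100.7 login_success user=jane
2024-05-01T10:20:00Z 192.0.2.9 login_failed user=admin
2024-05-01T11:00:00Z 192.0.2.9 login_failed user=admin
2024-05-01T11:40:00Z 192.0.2.9 login_failed user=admin
"""


def parse_line(line: str):
    """Split one log line into (timestamp, ip, event, username)."""
    stamp, ip, event, user = line.split()
    when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return when, ip, event, user.split("=", 1)[1]


def find_lockouts(lines, threshold=THRESHOLD, window=WINDOW) -> dict[str, datetime]:
    """Replay the events and return {ip: time at which the lockout was triggered}."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    lockouts: dict[str, datetime] = {}
    for line in lines:
        if not line.strip():
            continue
        when, ip, event, _user = parse_line(line)
        if ip in lockouts:
            continue  # already locked out; later attempts never reach the login form
        if event == "login_success":
            recent[ip].clear()  # a genuine user who mistyped once starts with a clean slate
            continue
        if event != "login_failed":
            continue
        failures = recent[ip]
        failures.append(when)
        while failures and when - failures[0] > window:
            failures.popleft()  # drop failures that have aged out of the window
        if len(failures) >= threshold:
            lockouts[ip] = when
    return lockouts


if __name__ == "__main__":
    for ip, when in find_lockouts(SAMPLE_LOG.splitlines()).items():
        print(f"locked out {ip} at {when.isoformat()}")
```

On the sample data only 203.0.113.5 is locked out, at its fifth failure. The slow guesser at 192.0.2.9 never has more than one failure inside any ten-minute window and sails through, which is exactly why a rate threshold on its own is not enough and why the reputation filtering and behaviour monitoring described above sit alongside it.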
