Most popular, high-traffic blogs get hacked at some point because of a lack of security. It is better to back up your website on a weekly basis, so that whenever the blog has errors you can easily restore the previous backup and stay safe from hackers. For backing up a WordPress blog, you can use premium backup plugins like WP Backup Plus or BackupBuddy. The best plugin for WordPress security that I have found is Limit Login Attempts for WordPress. The main advantage of having this plugin on a WordPress blog is that it prevents unauthorized login attempts and locks the login after a predetermined number of tries.
Limit the number of login attempts possible both through normal login as well as using auth cookies. By default WordPress allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease. Limit Login Attempts blocks an Internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible.
There are specific options for managing the Limit Login Attempts plugin: you can increase or decrease the number of tries allowed before a lockout and the lockout period in minutes from the Limit Login Attempts dashboard. The plugin will also notify the WordPress admin after 4 lockouts.
Sometimes a hacker might think they know your password, or they might develop a script to guess it. The script will automatically try a number of numerical combinations to guess your password. If you have installed a login-limiting plugin like this one, it will prevent the script from trying more than the specified number of times. Limiting failed login attempts locks a user out if they enter the wrong password more than the specified number of times, and they stay locked out for a specified time. You can control the settings from your admin panel. This will also let you see how many people are trying to hack your site. If you see the same IP repeatedly trying to access your site, you can ban that IP address.
There is one more thing you can do alongside this plugin to increase the security of your WordPress blog. The plugin does not mask login errors, as you can see in the screenshot above: the page says the username or password is incorrect. A login error suggests to hackers what they got wrong, so it is better to mask login errors on a WordPress blog.
How To Mask Login Errors On The WordPress Login Page:
Most of the time, when we enter an incorrect username or password, the login page shows an error in a red box saying that the username or password is incorrect. Masking this error on the WordPress login page makes it more difficult for hackers to break your login security. To do that, you can add the following code to your WordPress functions.php file.
// Return no text for login errors (create_function() was removed in PHP 8, so use a closure).
add_filter('login_errors', function ($a) { return null; });
Limit Login Attempts Features:
- Limit the number of retry attempts when logging in (for each IP). Fully customizable from admin panel.
- Informs the user about remaining retries or lockout time on the login page, like a bank website.
- Optional logging, optional email notification.
- Handles server behind reverse proxy.
- It is possible to whitelist IPs using a filter. But you probably shouldn’t.
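The per-IP retry limit and lockout period described above can be sketched with WordPress's wp_login_failed and authenticate hooks. This is an added example, not the Limit Login Attempts plugin's own code; the ex_ names and the 4-retry and 20-minute values are assumptions, and it covers form logins only, not auth cookies.

```php
<?php
/* Plugin Name: Example login limiter (constructed for illustration) */

// Assumed values; the real plugin lets you set these from its settings page.
const EX_MAX_RETRIES  = 4;   // failed attempts allowed per IP
const EX_LOCKOUT_MINS = 20;  // lockout period in minutes

// Transient key for the client address. Behind a reverse proxy REMOTE_ADDR
// is the proxy's address, so every visitor would share one counter there.
function ex_login_key() {
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'ex_login_fail_' . md5($ip);
}

function ex_is_locked_out() {
    return (int) get_transient(ex_login_key()) >= EX_MAX_RETRIES;
}

// Count each failed login for this IP. Attempts made during a lockout are
// not counted, so they cannot extend the lockout indefinitely.
add_action('wp_login_failed', function ($username) {
    if (ex_is_locked_out()) {
        return;
    }
    $fails = (int) get_transient(ex_login_key()) + 1;
    // The counter expires on its own, which ends the lockout.
    set_transient(ex_login_key(), $fails, EX_LOCKOUT_MINS * MINUTE_IN_SECONDS);
});

// Priority 30 runs after WordPress's own password check (priority 20), so a
// locked-out IP is refused even when the guessed password was correct.
add_filter('authenticate', function ($user, $username, $password) {
    if (ex_is_locked_out()) {
        return new WP_Error('ex_locked_out', 'Too many failed login attempts. Try again later.');
    }
    return $user;
}, 30, 3);
```

If the login_errors filter on this page returns null, the lockout message is hidden as well, because every login error string passes through that filter.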
If you want to improve the security of your WordPress blog, you can try this WordPress security plugin at http://wordpress.org/extend/plugins/limit-login-attempts/
If you own a free or paid WordPress security plugin like this and want it to be featured on ehowportal, feel free to contact us for a review.