Be Afraid…Be Very Afraid
This is scary. Some *** * S O B (expletives deleted, reluctantly, by me!) has been, and still is, trying to hack my sites. Even now, as I am writing this!
I have to assume it’s a Robot of some sort programmed to attack from a variety of IP addresses ranging from Italy, mid-Europe, Russia (no surprises there) across to Vietnam. I have lost count of the number of attack alarms I’ve had. Every time I log on to email there’s another twenty or so failed attempts. My wish for whoever is behind it is simple. May that rabid hyena gnaw upon his nether regions.
The scary part is that whoever he may be, he has my correct User Name, which is not, and never has been, ‘Admin’! It is, or was, a combination of Alpha / Numeric, Upper and Lower case. I am left wondering how in the hell he got it.
I say ‘was’ because I have now changed it and I would strongly recommend everyone reading this to do the same. If you are still logging in with Username ‘Admin’ please change that NOW!
How to change ‘Admin’
You can do it manually by adding a new user, with full admin rights, through cPanel and then deleting your original user name.
The easier way is to download the ‘Admin Renamer Plugin’ from WP, in the normal way and change your user name. It couldn’t be simpler.
Next, make sure that your Username is not the same as your Post Author name or nickname. Use the above plugin again or change the Post Author in WP Settings.
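The check described in the steps above can be scripted. The following is an added example, not part of the original post or of any plugin it mentions: it flags accounts whose login is ‘admin’ or matches the publicly shown display name. It goes one step beyond the text by also comparing the author-archive slug (user_nicename), which WordPress derives from the login name by default. The CSV column layout and the sample rows are assumptions constructed for the example.

```python
import csv
import io
import re

# Constructed sample in the column layout assumed for this example
# (user_login, user_nicename, display_name, roles); not data from the post.
SAMPLE_CSV = """user_login,user_nicename,display_name,roles
admin,admin,Site Owner,administrator
Jk7Rw2pQ,jk7rw2pq,Jane K,administrator
xY9mT4bL,jane-k,Jane K,administrator
Editor01,editor01,Editor01,editor
"""


def slug(text):
    """Rough stand-in for a URL slug: lowercase, runs of other characters become '-'."""
    return re.sub(r"[^a-z0-9]+", "-", text.lower()).strip("-")


def audit_users(csv_text):
    """Return {login: [findings]} for accounts whose login is guessable or publicly shown."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        login = row["user_login"]
        issues = []
        # The default name the post warns about.
        if login.lower() == "admin":
            issues.append("default-login")
        # The name printed on posts gives the login away.
        if row["display_name"].strip().lower() == login.lower():
            issues.append("display-name-equals-login")
        # The author-archive URL slug gives the login away.
        if slug(row["user_nicename"]) == slug(login):
            issues.append("author-slug-equals-login")
        if issues:
            findings[login] = issues
    return findings


if __name__ == "__main__":
    for login, issues in audit_users(SAMPLE_CSV).items():
        print(f"{login}: {', '.join(issues)}")
```

Only the third sample account passes: its login appears in neither the display name nor the author slug.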
That’s a good start but it doesn’t and shouldn’t end there. It is not a question of ‘IF’ you get hacked; it is rather ‘WHEN’ you get hacked. If you’ve done nothing about securing your site, it is going to happen sooner rather than later. All my sites get attacked from time to time. Yours will too. As I said, it’s not a question of ‘if’ but rather ‘when’.
One hacker did eventually get through my old security setup and started using my site for sending out spam emails. Thankfully my Host picked it up, disabled the script and advised me accordingly, so I could fix the leak. Not all hosts will do that. You could find your account locked for spamming and have one hell of a battle on your hands to move everything to a new host.
Best Practice – My Best Solution
I’ve tried several free and paid solutions. It may sound glib but for peanuts you’ll get something a monkey could hack. I am no techie and I work on a tight budget but I sleep better knowing that my sites are about as secure as they can be. Unfortunately that level of comfort has to be bought.
The best that I have used, and the easiest to use, is without doubt SecureScanPro. You can have it set up in minutes without any techie knowledge.
Press a button and it scans for vulnerable areas. After that, weaknesses are a one-click fix. Then you are done. It scans regularly and sends you the results. It bans repeated login attempts and a whole lot more.
Read the sales page here. But you can safely take it from me, it works and I now use it on all my sites.
Let’s see – we are now up to 335 ‘saved’ attacks, immediately before pressing the publish button on this post. That is worth the price of the software. (I have now disabled the ‘notify me’ function knowing that my site is secure and I can sleep).
I suggest you grab it now and be safe. You could regret it if you don’t. Click the link and know that within a few minutes you will be safe.