Recently there has been a spate of distributed brute force attempts against WordPress websites.
The way this works is that a network of “drones” attempts to log into your WordPress website using common usernames and passwords.
If you have an obscure username/password combination, you’re most likely safe from this type of attack, but why take the risk? Follow our simple steps below to secure your directory using cPanel.
Log into your cPanel account:
Under the “Security” heading, select “Password Protect Directories”:
A screen will pop up; select the www/public_html directory and click “Go”.
On the next page, click on your ‘wp-admin’ directory.
Now fill in the details:
Click on “Add/Modify authorised user”; the page will reload and the user will be listed. Tick the “Password protect this directory” box and give the login area a name, e.g. “WordPress Admins Only”. Click on “Save”.
Now when you visit your WordPress admin area you will be prompted for a username and password BEFORE you can access the WordPress login page:
Now, if someone wants to access your WordPress admin and has somehow got hold of your password, they will need a separate login to be able to access your login page. Without having both username/password combinations they can do nothing.
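As an added example (not part of the original post and not cPanel's own code): cPanel implements directory protection with Apache basic-auth directives in a `.htaccess` file inside the protected directory, so the result of the steps above can be checked on disk. This Python check assumes Apache and an absolute `AuthUserFile` path; the function names and the sample tree are constructed for illustration.

```python
import shlex
import tempfile
from pathlib import Path

def parse_directives(text):
    """Map each top-level directive (lower-cased) to its argument list."""
    found, depth = {}, 0
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("<"):  # track <Files ...> ... </Files> sections
            depth += -1 if line.startswith("</") else 1
        elif depth == 0 and line and not line.startswith("#"):
            name, *args = shlex.split(line)  # handles quoted names and paths
            found[name.lower()] = args
    return found

def audit_wp_admin(docroot):
    """Return findings about basic-auth protection of <docroot>/wp-admin."""
    docroot = Path(docroot).resolve()
    htaccess = docroot / "wp-admin" / ".htaccess"
    if not htaccess.is_file():
        return ["wp-admin/.htaccess missing: directory is not protected"]
    d = parse_directives(htaccess.read_text())
    findings = []
    for name, want in (("authtype", "basic"), ("require", "valid-user")):
        if [a.lower() for a in d.get(name, [])] != [want]:
            findings.append(f"{name} {want} is not set")
    pw_arg = (d.get("authuserfile") or [""])[0]
    pw = Path(pw_arg).resolve()  # assumes an absolute path
    if not pw_arg or not pw.is_file() or not pw.read_text().strip():
        findings.append("AuthUserFile is unset, missing or has no users")
    elif docroot in pw.parents:  # a hash file under the web root may be served
        findings.append("password file is inside the web root")
    if (docroot / "wp-login.php").is_file():  # lives in site root, not wp-admin
        findings.append("wp-login.php is outside wp-admin and not covered")
    return findings

if __name__ == "__main__":
    # Constructed sample tree (not from the page); prints three findings.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp, "public_html").resolve()
        (root / "wp-admin").mkdir(parents=True)
        (root / "wp-login.php").write_text("<?php")
        (root / "wp-admin" / "passwd").write_text("admin:CONSTRUCTED-HASH\n")
        (root / "wp-admin" / ".htaccess").write_text(
            'AuthType Basic\nAuthName "WordPress Admins Only"\n'
            f'AuthUserFile "{root}/wp-admin/passwd"\n')
        print("\n".join(audit_wp_admin(root)))
```

The last finding reflects that `wp-login.php` sits in the WordPress root rather than in `wp-admin`, so a request sent straight to that file does not meet the directory prompt unless it is protected separately.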
Do you have any other WordPress security tips? Share them with us in a comment below.