In recent weeks, there has been substantial buzz around the Web centered around a brute force attack on WordPress sites. These attacks are made by a network of more than 90,000 infected computers. They operate by logging in to the WordPress admin section with the generic login name “Admin”, as that’s how most WordPress sites are first set up. Those with weak passwords and an “Admin” username are getting hacked.
This is just one method out of hundreds that hackers use to attack WordPress sites around the world. It’s even possible to be a hack victim and not even know it, as your site can be used to infect other sites behind the scenes. Some hacking involves spamming activities which has caused sites to be banned by Google, creating an emergency situation and a lot of corrective action to get back into good graces. So, how do you know if your site has been hacked and how do you prevent it in the future?
Wordfence is a very effective plugin, that is highly rated and easy to implement. Go to your WordPress plugins page, click on Add New and search for Wordfence. It will come up at the top of the search and is installed with one click. Other than imputing your email address to receive alerts, you really don’t need to change the default settings, although you may want to go through and add a couple of check boxes should you wish to receive more alerts.
When you do your first scan, you may be surprised to find that you have already been hacked. The great thing about this site is that it provides instructions on how to delete compromised files, as shown in this image:
You also have the ability to monitor realtime access to your site and block specific IP addresses. When you see sites from other countries accessing your login.php area, you’ll want to block those IPs. It just takes one click.
This plugin is free and effective. Install it so you don’t become a hack victim.