Brute Force Password Attack!

There is currently a massive attack on WordPress sites going on all around the world. Nearly one hundred thousand different servers, most of them hijacked, are running a script that methodically works through possibilities for usernames and passwords in order to gain access to administration accounts on WordPress sites. Because of the number of servers engaged in this "brute force attack" process, many sites are being hijacked. There are things you can do to help protect yourself.
Here's what you should do, and though nothing is 100% certain, there are a few basic precautions that will help to keep your WordPress site safe from these brute force attacks:
* Be sure your password is 8 characters or more and a mix of letters, numbers, symbols.
* Install the Limit Login Attempts plugin available free from the WordPress plugin repository.
* DO NOT have an active administrator account with the default username "admin".
* Be sure you have current backups for your wp-content directory tree and all databases.
* If you should need to restore from a backup be sure to change your password immediately.
If you need help with any of this feel free to contact me. I will answer any questions sent by email ( without charge, and I can be hired to actually do the three items listed above on your site if you wish.


Stephen B. Henry, known by many online as the WordPress Wizard, the Coach's Coach, or just the Wiz, is an author, web developer, small business consultant, and personal mentor. Steve earns his entire living online, providing business, technical, and online presence planning and support to small business owners, spiritual practitioners, online marketers, and other solopreneurs, including those who work from home. With a focus on permission marketing and heart-centered business, Steve works closely with, and cares about, each of his clients. He can be reached by email at

Leave a Reply

Close Menu