If you use WordPress, this post might save your skin

I was doing a bit of blog tweaking revision avoidance and stumbled on an article about blog security – something I haven’t really thought much about before.

There were bucket loads of suggestions and tips made but let’s face it admin tasks are boring normally. I only want to tell you about one; a plug in that restricts the number of times people can try to log in to your dashboard. Sounds a bit bland but keep reading, you’ll thank me.

The plug in I’m about to tell you about is called Limit Login Attempts. I went ahead and installed it with nothing to lose. I didn’t expect anyone would be trying to get in to my account but I figured it couldn’t do any harm.

Within a few minutes of install, I had an email to alert me of a blocked attempt, then another and another. I panicked and consulted my internet helper man (or Kip as he is more formally known). I thought I’d done something wrong, surely all these people couldn’t be trying to hack my blog?

Well, it turns out they were, although they aren’t people they are ‘bots ran by people and these bots were making at least one attempt every 5 minutes to get in.

These bots are set up to try and try again until they figure out your username and password. Why is this a problem? Well, your emails, bank, Paypal etc would lockdown your account to protect it after a couple of failed log ins. WordPress NEVER does this.

Installing the plugin has really set off alarm bells for me. It’s completely bewildering that WordPress allow unlimited log in attempts in the first place, I was oblivious that anyone other than myself was trying to log in. Scary!

Thankfully the log in attempts so far have all been with really generic usernames. So if your login name is anything like : user, admin, temp, test, me, user1, test you might be wandering in dangerous territory.

I’m certainly glad to have that peace of mind and I can just leave it running away. I’ve set mine up so that if there’s something I need to worry about, like continued attempts from the same IP address, I’ll get an email about it.

If you know anyone that uses WordPress and might benefit from a bit of protection, please do link them to this post. It doesn’t bear thinking about what could happen if a hacker did gain access to your blog!