General security advice for WordPress CMS users

Current Threat

Although there are currently no security issues for the WordPress content management system (CMS), hackers are constantly trying to defeat its security measures. Following this general security advice for WordPress CMS users will help you mitigate this risk. Recently, there has been an increase in “Brute Force” attacks, which are designed to force their way into database-driven websites.

Brute Force

Brute Force attacks consist of many requests sent to a login page, each with a different password, systematically checking all possible passwords until the correct one is found. Hackers have huge databases of passwords from their successful hacking of other systems, and also of typical words/strings that are commonly used (e.g. names, places, football teams etc.). If the hackers have your password, they can gain access to your website’s administration area.

Our Approach

In conjunction with our hosting partner, we constantly monitor our systems to detect adverse traffic surges, with a view to blocking as much traffic as possible from the sources of the attacks. In addition to hosting security, we utilise the latest system firewalls and best security practice. However, because these attacks are distributed and we also need to allow legitimate access, the risk of compromise cannot be completely removed.
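As an illustration of this kind of monitoring (an added example, not the tooling we or our hosting partner run), the sketch below counts login attempts in web server access logs and flags both a burst from one source and a surge spread across many sources. It assumes combined-format access logs in time order and WordPress's standard `/wp-login.php` login page; the thresholds and sample lines are constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined-log-format fields we need: client IP, timestamp, method, path.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')
LOGIN_PATH = "/wp-login.php"  # WordPress's standard login endpoint

def parse(line):
    """Return (ip, time) for a POST to the login page, else None."""
    m = LINE.match(line)
    if not m or m.group(3) != "POST" or m.group(4).split("?")[0] != LOGIN_PATH:
        return None
    return m.group(1), datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")

def detect(lines, window=timedelta(minutes=1), per_ip=5, site_wide=20):
    """Flag single-source bursts and distributed surges of login POSTs.

    per_ip and site_wide are illustrative thresholds, not recommendations.
    """
    by_ip, everyone = defaultdict(deque), deque()
    noisy_ips, surge = set(), False
    for ip, ts in filter(None, map(parse, lines)):
        for q in (by_ip[ip], everyone):
            q.append(ts)
            while ts - q[0] > window:  # drop attempts older than the window
                q.popleft()
        if len(by_ip[ip]) >= per_ip:
            noisy_ips.add(ip)          # one source hammering the login page
        if len(everyone) >= site_wide:
            surge = True               # many sources, few attempts each
    return noisy_ips, surge

def sample_log():
    """Constructed sample lines (documentation-range IPs), not real traffic."""
    fmt = '{ip} - - [10/Mar/2024:09:00:{s:02d} +0000] "{req} HTTP/1.1" 200 512'
    lines = [fmt.format(ip="198.51.100.7", s=s, req="POST /wp-login.php")
             for s in range(6)]
    lines += [fmt.format(ip=f"203.0.113.{i}", s=10 + i, req="POST /wp-login.php")
              for i in range(1, 31)]   # 30 sources, one attempt each
    lines.append(fmt.format(ip="192.0.2.10", s=50, req="GET /index.php"))
    return lines

if __name__ == "__main__":
    print(detect(sample_log()))
```

The 30 single-attempt sources never cross the per-source threshold, which is why the site-wide count is tracked separately.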

Minimise the risk

There is a simple action that you can take to minimise this risk further. If you have a very simple password that is easy to guess, it is much easier for these hackers to gain access to your account. If you have a complex password, much more time is needed. The longer it takes to hack your account, the better the chance that we can stop the attack before they gain access.

We are therefore advising all our customers to update their password to include a mixture of numbers, symbols, and lowercase and uppercase letters. For example:

The password indigochess is simple for the Brute Force system to guess but can be made more complex with a mix of case, numbers and special characters, such as 1Nd1g0Ch3$$.
